[Dovecot] Force STARTTLS on port 143 for !internalnetwork

Timo Sirainen tss at iki.fi
Wed Feb 9 17:22:16 EET 2011


On 9.2.2011, at 17.13, Ralf Hildebrandt wrote:

> * Timo Sirainen <tss at iki.fi>:
> 
>> I think that'll work, yes, but it has the additional feature of allowing clients from localnet to fake their IP address.
> 
> Yes, I noticed this while reading the checkin message for the feature.

It's also mentioned in the example-config.

>> In v2.0 you can do:
>> 
>> disable_plaintext_auth = yes
>> local 10.0.0.0/24 {
>>  disable_plaintext_auth = no
>> }
> 
> Can I also specify more than one subnet there?

You can add multiple local {} blocks. Uh. Actually, you want remote {}, not local {}.



More information about the dovecot mailing list