[Dovecot] SSL only for external connections

Simon Brereton simon.brereton at buongiorno.com
Fri Sep 30 21:04:01 EEST 2011


> -----Original Message-----
> From: dovecot-bounces at dovecot.org [mailto:dovecot-
> bounces at dovecot.org] On Behalf Of Stan Hoeppner
> On 9/30/2011 12:34 PM, Simon Brereton wrote:
> >> -----Original Message-----
> >> From: dovecot-bounces at dovecot.org [mailto:dovecot-
> >> bounces at dovecot.org] On Behalf Of Terry Carmen
> >
> >>
> >> If SSL/TLS works from the outside, but not the inside, you should
> >> probably find out why and fix that instead.
> >
> > You'd think so - but since I don't actually need TLS from the
> inside,
> > and given my skill level - disabling it seems easier :)
> 
> You don't need TLS/SSL from the outside either, if this is strictly a
> webmail box.  In this case, configure Apache/lighttpd+Horde to only
> accept HTTPS connections from the outside, and configure Horde to
> connect via the Dovecot localhost:143 listener.  This is how I've
> been doing it with Roundcube for years.  Works like a champ.

It's not strictly a webmail box though.  IMAP clients (fixed and mobile) connect to it.  So what I'd like is IMAP, IMAPS, POP3 and POP3S on the outside and IMAP only on the local host (there's no actual reason to offer POP to the localhost either...


> With encrypted sessions between browser and web server, and both
> Horde and Dovecot running on the same host, you don't need to, nor
> want to, use IMAPS.

Makes sense.

Simon



More information about the dovecot mailing list