[Dovecot] Dovecot 2.1.7-7 only allow localhost access to IMAP and POP3

Tom Hendrikx tom at whyscream.net
Wed May 29 14:37:07 EEST 2013


On 05/29/2013 01:13 PM, Reindl Harald wrote:
> 
> Am 29.05.2013 12:41, schrieb Torben Schou Jensen:
>> I can read how to setup older version of dovecot with SquirrelMail.
>>
>> They recommend to use uncrypted IMAP when SquirrelMail is on same server.
>>
>> What I would like to support is then imap, imaps, pop3 and pop3s.
>>
>> imaps and pop3s for external users.
>> imap and pop3 only open for localhost, that is SquirrelMail on same machine.
>>
>> With dovecot 1 you could restrict access using
>> "imap_listen = localhost"
>>
>> How do I make the same restriction with localhost on dovecot 2 ???
> 
> if it listens only on localhost how should "imaps and pop3s for external
> users" work and additionally these days STARTTLS is recommended which
> works on the default ports 110/143
> 
> why do you not simply *offer* encryption *or* use webmail also
> with encryption?
> 

You should use imap with starttls (disable_plaintext_auth=yes) for the
imap service, then use login_trusted_networks=<127.0.0.1/8 to allow
webmail logins from localhost without ssl. Webmail doesn't use pop3, so
no changes there.

If you insist on using imaps and/or pop3s, then these can live alongside
the above without problems.

--
Tom

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 899 bytes
Desc: OpenPGP digital signature
URL: <http://dovecot.org/pipermail/dovecot/attachments/20130529/5565002b/attachment.bin>


More information about the dovecot mailing list