controlling STARTTLS by IP address

lists at lazygranch.com lists at lazygranch.com
Thu Jul 14 21:23:31 UTC 2016


Are you 100% sure your interpretation of the FCC rules is correct? Do you really want passwords going out over RF unencrypted? 

As far as I know, only ham bands are not allowed to use encryption. Even baby monitors these days are DECT. (Mind you, not good encryption.)



  Original Message  
From: Michael Fox
Sent: Thursday, July 14, 2016 1:57 PM
To: Dovecot Mailing List
Subject: controlling STARTTLS by IP address

On my POP3 server, I need to be able to control the use of STARTTLS by
client IP address. Specifically:

* Clients on certain internal subnets (e.g., 192.168.1.0/24) must not have
the option to use TLS. If the client tries to use STARTTLS, the option
should be rejected. This is to satisfy US FCC rules regarding the use of
encryption over certain radio frequencies.
* All other internal clients (e.g., 192.168.0.0/16, but not 192.168.1.0/24)
should be able to use STARTTLS if they choose to.
* All external clients (0.0.0.0/0) will be required to use TLS.

Is there a way to control which clients are allowed to use STARTTLS
according to the client's IP address?

Thanks,
Michael
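
The three rules in the question overlap (192.168.1.0/24 sits inside 192.168.0.0/16, which sits inside 0.0.0.0/0), so they are only unambiguous under most-specific-match. The Python below is an added example, not part of the original thread and not Dovecot configuration. It resolves a client address to one of the three policies and can be used to check a server configuration against the intended behaviour. The function name `tls_policy`, the policy labels, and the default for addresses that match no rule are assumptions.

```python
import ipaddress

# Policy table taken from the three rules in the message above.
# "forbid"   = STARTTLS must be rejected
# "optional" = client may use STARTTLS if it chooses
# "required" = TLS is mandatory
POLICY = [
    (ipaddress.ip_network("192.168.1.0/24"), "forbid"),
    (ipaddress.ip_network("192.168.0.0/16"), "optional"),
    (ipaddress.ip_network("0.0.0.0/0"), "required"),
]

# Assumption: an address matching no rule (e.g. native IPv6) counts as external.
DEFAULT = "required"


def tls_policy(client_ip: str) -> str:
    """Return the TLS policy for a client using the most specific matching subnet."""
    addr = ipaddress.ip_address(client_ip)  # raises ValueError on malformed input
    # A dual-stack listener can report IPv4 peers as ::ffff:a.b.c.d. Unwrap them,
    # otherwise an internal radio-subnet client would be classified as external.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    best = None
    for net, policy in POLICY:
        if addr.version == net.version and addr in net:
            # Longest prefix wins, so table order does not matter.
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, policy)
    return best[1] if best else DEFAULT


if __name__ == "__main__":
    # Constructed sample addresses, one per case.
    for ip in ["192.168.1.17", "192.168.2.9", "203.0.113.5",
               "::ffff:192.168.1.17", "2001:db8::1"]:
        print(f"{ip:22} {tls_policy(ip)}")
```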





