Strategies for protecting IMAP (e.g. MFA)

[Marc]

> Full access from any IP (except firehol-blacklist and fail2ban) is
> possible over VPN (openvpn) with MFA (privacyidea).
> Privacyidea also supplies a mobile-app compatible with a.o. TOTP and
> HOTP but it provides a more secure way of enrollment (2-step).

How are you managing dns/clients etc so only the email traffic is goes through the vpn and no other traffic?