15 Jul 2016, 12:13 a.m.
Sent from my iPhone
On Jul 14, 2016, at 3:56 PM, Michael Fox news@mefox.org wrote:
On my POP3 server, I need to be able to control the use of STARTTLS by client IP address. Specifically:
- Clients on certain internal subnets (e.g., 192.168.1.0/24) must not have the option to use TLS. If the client tries to use STARTTLS, the option should be rejected. This is to satisfy US FCC rules regarding the use of encryption over certain radio frequencies.
- All other internal clients (e.g., 192.168.0.0/16, but not 192.168.1.0/24) should be able to use STARTTLS if they choose to.
- All external clients (0.0.0.0/0) will be required to use TLS.
Is there a way to control which clients are allowed to use STARTTLS according to the client's IP address?
Thanks, Michael
Seems like your firewall could redirect to a different port that doesn't offer starttls.
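
The three-tier policy from the question, written out as an added example (not code from this thread): a longest-prefix match picks the policy for a client, and a second function shows what a server enforcing it would accept. The listener port numbers and function names are hypothetical; `STLS` is the POP3 command that starts TLS.

```python
import ipaddress

# Subnets come from the question; the most specific prefix wins.
# Ports are hypothetical: one POP3 listener per policy, which is what a
# firewall redirect like the one suggested in the reply would point at.
POLICY = [
    (ipaddress.ip_network("192.168.1.0/24"), "forbidden", 1110),  # TLS never offered
    (ipaddress.ip_network("192.168.0.0/16"), "optional", 110),    # TLS offered
    (ipaddress.ip_network("0.0.0.0/0"), "required", 2110),        # TLS mandatory
]

# Commands a "required" client may send before TLS is up.
PRE_TLS_OK = {"CAPA", "STLS", "QUIT"}


def lookup(client_ip):
    """Return (policy, listener_port) for a client by longest-prefix match."""
    addr = ipaddress.ip_address(client_ip)
    matches = [row for row in POLICY if addr in row[0]]
    if not matches:
        # Fail closed (e.g. an IPv6 client the table does not cover).
        return ("required", 2110)
    _, policy, port = max(matches, key=lambda row: row[0].prefixlen)
    return (policy, port)


def command_allowed(client_ip, command, tls_active):
    """Decide whether a POP3 command is accepted under the client's policy."""
    policy, _ = lookup(client_ip)
    cmd = command.upper()
    if policy == "forbidden":
        return cmd != "STLS"          # reject any attempt to start TLS
    if policy == "required" and not tls_active:
        return cmd in PRE_TLS_OK      # no USER/PASS/APOP in the clear
    return True


if __name__ == "__main__":
    # Constructed sample clients, one per tier.
    for ip in ("192.168.1.50", "192.168.2.7", "203.0.113.9"):
        print(ip, lookup(ip), "STLS ok:", command_allowed(ip, "STLS", False),
              "USER ok:", command_allowed(ip, "USER", False))
```

Ordering the table does not matter because the match is by prefix length, so adding another restricted /24 later cannot be shadowed by the /16 entry.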