On 8/8/06, Johannes Berg johannes@sipsolutions.net wrote:
Kresimir Tonkovic wrote:
Correct me if I'm wrong, by default POP3 and POP3+SSL both work at the same port, 110. I want to let local users connect by plain POP3 and external users to use POP3+SSL. I don't see how I can set this up using iptables and tcpwrappers. Can you please provide more details? Ah, so you don't want to use pop3s but pop3+starttls. Just tell dovecot to deny any password when used over insecure connections. local connections are considered secure.
johannes
I'm sorry, I'm new to dovecot, it seems my terminology is all wrong :-)
I assumed pop3s is pop3+ssl is pop3 over ssl.
In my config file (just an excerpt):
protocols = pop3 pop3s pop3_listen = 192.168.0.1 pop3s_listen = elag.hr
elag.hr is my domain name. It resolves to the current external IP address.
So when I connect from outside, my email client asks me to verify a ssl certificate. This enforced me to believe pop3s is pop3 over ssl, or as I called it above pop3+ssl.
If I'm wrong, what is pop3+starttls?
kresho