Hi,
we have following situation: I migrated our company mailserver from POP3 only to dovecot with IMAP and POP. We need to have unencrypted POP3 from our internal network, and the subnet our mailserver is in.
Additionally, we now want to allow encrypted IMAP from the internet (for some defined accounts), preferably with TLS (which means I open Port 143 in our firewall).
Now, how can I achieve that they can't use unencrypted plaintext authentication from Internet, while I allow unencrypted POP3 from the mailserver and private network? (I can require using encryption for IMAP from our internal net, but I must have unencrypted POP3 as we use software that retrieves mail via POP3 that doesn't support encryption).
My idea was: limit them to use encryption
- use disable_plaintext_auth for IMAP only
- use disable_plaintext_auth for internet, but not our networks
- allow connection from the internet only for certain accounts, and
Internet access for POP3 is not necessary. Is any of this possible with dovecot? Or another way to achieve my goal? Non-plaintext authentication is not possible, as we use linux system accounts with shadow passwords.
TIA Rainer Frey
-- Software Development
Inxmail GmbH