9 Feb 2011, 5:12 p.m.
On 9.2.2011, at 15.09, Nick Rosier wrote:
> > How can I force users who are connecting from OUTSIDE our networks to use STARTTLS on Port 143?
> > Right now we resort to IMAPS on port 993, but an additional STARTTLS enabled login on the default port would make things easier!
>
> You can probably add login_trusted_networks = localnet
> IIRC this allows for unsecure login from your localnet but forces all other networks to use a secure authentication method (e.g. SSL, STARTTLS, CRAM or DIGEST).
I think that'll work, yes, but it has the additional feature of allowing clients from localnet to fake their IP address.
In v2.0 you can do:
    disable_plaintext_auth = yes
    local 10.0.0.0/24 {
      disable_plaintext_auth = no
    }
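
Added example, not part of the original thread: a way to confirm the setting took effect by auditing the capability line that port 143 offers before STARTTLS. It relies on RFC 3501, under which a server that refuses the cleartext LOGIN command advertises LOGINDISABLED. The client addresses and response lines are constructed samples, and the function names are hypothetical.

```python
import ipaddress
import re

TRUSTED = ipaddress.ip_network("10.0.0.0/24")   # network from the config above
PLAINTEXT_SASL = {"PLAIN", "LOGIN"}              # mechanisms that send the password itself

def parse_capabilities(line):
    """Capability atoms from a greeting '[CAPABILITY ...]' or '* CAPABILITY ...' line."""
    m = (re.search(r"\[CAPABILITY ([^\]]*)\]", line, re.I)
         or re.match(r"\*\s+CAPABILITY\s+(.*)", line.strip(), re.I))
    return {a.upper() for a in m.group(1).split()} if m else set()

def plaintext_paths(caps):
    """Ways a client could send a cleartext password before STARTTLS."""
    paths = [] if "LOGINDISABLED" in caps else ["LOGIN"]
    paths += sorted("AUTHENTICATE " + c[5:] for c in caps
                    if c.startswith("AUTH=") and c[5:] in PLAINTEXT_SASL)
    return paths

def violations(observations):
    """observations: (client_ip, pre-TLS capability line) pairs seen on port 143."""
    out = []
    for ip, line in observations:
        caps = parse_capabilities(line)
        if not caps:
            out.append((ip, "no capability list in response"))
            continue
        if ipaddress.ip_address(ip) in TRUSTED:
            continue  # plaintext is deliberately permitted for this network
        if "STARTTLS" not in caps:
            out.append((ip, "STARTTLS not offered"))
        for path in plaintext_paths(caps):
            out.append((ip, "cleartext " + path + " offered before TLS"))
    return out

# Constructed sample responses (not captured from a real server).
SAMPLES = [
    ("10.0.0.17", "* OK [CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN] ready"),
    ("198.51.100.9", "* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED AUTH=CRAM-MD5] ready"),
    ("203.0.113.5", "* CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN AUTH=LOGIN"),
]

if __name__ == "__main__":
    for ip, msg in violations(SAMPLES):
        print(ip, msg)
```

Only the third sample is reported, because it shows an outside client being offered cleartext login on port 143.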