I just thought to remind people that with some firewalls, there's always a way to perform "silent" redirections using the DNAT target in the PREROUTING table, i.e.:

    -t nat -A PREROUTING -i ${EXTIF} -s ${NOTLSSOURCES} -p tcp --dport 110 --syn -j DNAT --to-destination ${DOVECOT}:${NOTLSPOP3PORT}

That is basically what I meant without enough detail I guess.
Yes. Good point. And thanks for the clarification.
As a Dovecot newbie, I'm curious. What would be the syntax in dovecot to configure a second pop3 listener? Would it be something like this?

    service pop3-login {
      # POP3 for STARTTLS users
      inet_listener pop3 {
        port = 110
        ssl = yes
      }
      # POP3 for no TLS
      inet_listener pop3 {
        port = xxx
        ssl = no
      }
      # POP3 for
      inet_listener pop3s {
        port = 993
        ssl = required
      }
    }

And shouldn't "inet_listener pop3s" really use ssl=required (as above), instead of ssl=yes (as shown in the default 10-master.conf file)?
Thanks, Michael