On 6/14/06, M. Fioretti mfioretti@mclink.it wrote:
Hello,
I have not clear, due to the new syntax, how to configure dovecot 1.0 to listen only for the following combinations of ports and services:
no pop3, from whatever host
Well, for a start protocols = imap imaps pop3s
accept imap connections only if coming from localhost (since I understand this is secure _and_ the only way to make squirrelmail talk to dovecot)
listen = 127.0.0.1
listen on the internet only for imaps and pop3s connections, accept them only if DIGEST-MD5 authentication succeeds.
THEN, I think the following is what you want
# If you want to specify ports for each service, you will need to configure # these settings inside the protocol imap/pop3 { ... } section, so you can # specify different ports for IMAP/POP3. For example: protocol imap { listen = 127.0.0.1 ssl_listen = * } protocol pop3 { ssl_listen = * }
(I'm fairly sure the ssl_listen is the one for imaps and pop3s)
Not 100% sure the exact setup of the auth section, but you'll want something along the lines of
auth default { # Space separated list of wanted authentication mechanisms: # plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi mechanisms = digest-md5 .... I THINK that you can have a auth imap and auth imaps section's, but I'm not 100% sure. Someone else who knows better can probably let us know. I couldn't find anything about it on the wiki, in my quick looks. If you don't mind everything, including local imap, using digest-md5, then what I've given will work. If you want local imap to use plain, and everything else to use digest-md5, then you'll have to play around.
Just a note, from what I have heard, there is nothing wrong with using plain over SSL links, as SSL is fairly secure, and it's just a waste of time using digest-md5 over ssl. Once again, someone else a bit more in the know can hopefully give us more info on that.
Hope that helps
Tim
-- Linux Counter user #273956