On Tue, 9 Jan 2007 21:57:59 +0200 Timo Sirainen tss@iki.fi wrote:
I haven't heard of ipchains, I'll investigate.
iptables would be better; ipchains is from kernel 2.2, so it's deprecated.
It'd have to remove "STARTTLS" from CAPABILITY response. No idea if
it's actually capable of doing that.
The sane thing is simply to block all incoming traffic on port 143, then only port 993 is available. If this creates problems with other site policies, or external access if people need it, then it isn't a good solution.
--
Brian Morrison
bdm at fenrir dot org dot uk
"Arguing with an engineer is like wrestling with a pig in the mud; after a while you realize you are muddy and the pig is enjoying it."
GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html