On Tue, 2012-05-29 at 15:09 +0100, William Gallafent wrote:
Hi All,
I'm running dovecot 2.0.19.
I currently have remote users access mail using IMAP over SSL, with their client certificates being both required and verified. I do this using "ssl = required" and "ssl_verify_client_cert = yes".
And I guess you also have auth_ssl_require_client_cert=yes.
I would now like to add a webmail front-end (squirrelmail) running on the same server. In order to achieve this I would like to have squirrelmail connecting locally using IMAP, but without the certificate requirement. I'm happy to use the standard IMAP port for this, since that port is firewalled so that only localhost has access.
Do I need to run two separate dovecot instances in order to achieve this, or can I somehow configure different SSL requirements for the two ports? Is there a way to have the ssl directives I mention above active only for a certain port (or for certain hosts, i.e. non-local?)
You could work around ssl=required by setting the webmail's IP to login_trusted_networks, but it won't get around requiring a valid SSL cert. For that you'd need to put it inside remote <IP> {} block, but unfortunately you can't currently change auth settings for specific IPs. So for now you'd need to run two Dovecot instances.
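A sketch of the two-instance layout suggested above, as an added example that is not part of the original message and not Dovecot's shipped configuration. The file paths, the shared `common.conf` and the second `base_dir` are assumptions; the SSL settings are the ones named in the thread.

```conf
# Added example: file paths and the second base_dir are assumptions.

## /etc/dovecot/dovecot.conf  (instance 1: remote clients, client certs enforced)
# Shared settings (mail_location, passdb/userdb, ssl_cert, ssl_key, ssl_ca, ...)
# live in one common file so the two instances cannot drift apart.
!include /etc/dovecot/common.conf
protocols = imap
ssl = required
ssl_verify_client_cert = yes
auth_ssl_require_client_cert = yes
service imap-login {
  inet_listener imap {
    port = 0             # no plain IMAP here; port 143 belongs to instance 2
  }
  inet_listener imaps {
    port = 993
  }
}

## /etc/dovecot/dovecot-local.conf  (instance 2: webmail on the same host)
!include /etc/dovecot/common.conf
base_dir = /var/run/dovecot-local   # must differ from instance 1's base_dir
protocols = imap
ssl = no                 # no TLS and no client-cert check on this instance
service imap-login {
  inet_listener imap {
    address = 127.0.0.1  # bind to loopback rather than relying on the firewall alone
    port = 143
  }
  inet_listener imaps {
    port = 0             # never expose this instance on 993
  }
}
```

The second instance is started with `dovecot -c /etc/dovecot/dovecot-local.conf`. Binding its listener to 127.0.0.1 keeps the certificate-free path unreachable from the network even if the firewall rule for port 143 is later changed.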