On 08/25/2014 08:26 AM, Jochen Bern wrote:

Well, if offering the*exact same* functionality on a second port is all that needs to be done, having the server's host firewall (iptables?) duplicate the NAT on your border firewall for internal accesses should do just fine; no need to majick it into the dovecot config (which opens the possibility of functional differences being introduced unintentionally).

Assuming Red Hat or similar with no conflicting iptables rules (yet),

iptables -t nat -A PREROUTING -p tcp --dport 30xxx -j DNAT --to :143

iptables -t nat -A PREROUTING -p tcp --dport 30yyy -j DNAT --to :993

service iptables save

Regards, Since you're redirecting to a port on the same host, the following is perhaps more correct:

iptables -t nat -A PREROUTING -p tcp --dport 30143 -j REDIRECT --to-port 143