Well, if offering the*exact same* functionality on a second port is all that needs to be done, having the server's host firewall (iptables?) duplicate the NAT on your border firewall for internal accesses should do just fine; no need to majick it into the dovecot config (which opens the possibility of functional differences being introduced unintentionally).
Assuming Red Hat or similar with no conflicting iptables rules (yet),
# iptables -t nat -A PREROUTING -p tcp --dport 30xxx -j DNAT --to :143 # iptables -t nat -A PREROUTING -p tcp --dport 30yyy -j DNAT --to :993 # service iptables save
Regards, Since you're redirecting to a port on the same host, the following is
On 08/25/2014 08:26 AM, Jochen Bern wrote: perhaps more correct:
iptables -t nat -A PREROUTING -p tcp --dport 30143 -j REDIRECT --to-port 143