On 17.6.2010, at 6.59, Chuck McManis wrote:
First, part of this effort was to move off of an APOP infrastructure into something more secure against password eavesdropping. To that end I've configured Dovecot with simply:
protocols = pop3 service pop3-login { inet_listener pop3s { port = 995 ssl = yes } }
Note that there is NO port = 110 listener and yet Dovecot seems to listen there anyway.
Yes, it's doing that by default. If you want to disable it, use
service pop3-login { inet_listener pop3 { port = 0 } }
My question, can I be sure that it is not accepting non-SSL based connections?
disable_plaintext_auth = yes is also default, so it won't allow users to log in via non-SSL anyway (with 110 port it requires starttls). Of course, this might not prevent some clients from trying to send the password anyway.
Question 2) Is there any way to run dovecot from tcpserver ?
v1.x yes (but there have been some problems), v2.0 no.
One of the things I like is the program tcpserver. I like it because I can simply "not allow" large chunks of the internet to connect at all to certain ports.
v2.0 supports tcpwrappers if that helps.