Re: [Dovecot] SSL only for external connections
On 9/30/2011 12:34 PM, Simon Brereton wrote:
-----Original Message----- From: dovecot-bounces@dovecot.org [mailto:dovecot- bounces@dovecot.org] On Behalf Of Terry Carmen
If SSL/TLS works from the outside, but not the inside, you should probably find out why and fix that instead.
You'd think so - but since I don't actually need TLS from the inside, and given my skill level - disabling it seems easier :)
You don't need TLS/SSL from the outside either, if this is strictly a webmail box. In this case, configure Apache/lighttpd+Horde to only accept HTTPS connections from the outside, and configure Horde to connect via the Dovecot localhost:143 listener. This is how I've been doing it with Roundcube for years. Works like a champ.
With encrypted sessions between browser and web server, and both Horde and Dovecot running on the same host, you don't need to, nor want to, use IMAPS.
-- Stan
-----Original Message----- From: dovecot-bounces@dovecot.org [mailto:dovecot- bounces@dovecot.org] On Behalf Of Stan Hoeppner On 9/30/2011 12:34 PM, Simon Brereton wrote:
-----Original Message----- From: dovecot-bounces@dovecot.org [mailto:dovecot- bounces@dovecot.org] On Behalf Of Terry Carmen
If SSL/TLS works from the outside, but not the inside, you should probably find out why and fix that instead.
You'd think so - but since I don't actually need TLS from the inside, and given my skill level - disabling it seems easier :)
You don't need TLS/SSL from the outside either, if this is strictly a webmail box. In this case, configure Apache/lighttpd+Horde to only accept HTTPS connections from the outside, and configure Horde to connect via the Dovecot localhost:143 listener. This is how I've been doing it with Roundcube for years. Works like a champ.
It's not strictly a webmail box though. IMAP clients (fixed and mobile) connect to it. So what I'd like is IMAP, IMAPS, POP3 and POP3S on the outside and IMAP only on the local host (there's no actual reason to offer POP to the localhost either...
With encrypted sessions between browser and web server, and both Horde and Dovecot running on the same host, you don't need to, nor want to, use IMAPS.
Makes sense.
Simon
participants (2)
-
Simon Brereton
-
Stan Hoeppner