[Dovecot] dovecot tls configuration
Hi,
I looked through the web and the list archives, but couldn't find how to set up the following:
- dovecot with ssl/tls enabled
- login from localhost allowed with and without tls
- login from remote hosts only allowed via tls
Is that possible at all? I'm using debian/unstable so its version 0.99.10.4-3.
Thanks, johannes
http://www.sipsolutions.de/ Key-ID: 9AB78CA5 Johannes Martin Berg <johannes@sipsolutions.de>
On Fri, Mar 26, 2004 at 08:17:24PM +0100, Johannes Berg wrote:
I looked through the web and the list archives, but couldn't find how to set up the following:
- dovecot with ssl/tls enabled
- login from localhost allowed with and without tls
- login from remote hosts only allowed via tls
I want this configuration as well. I set: imap_listen = 127.0.0.1 imaps_listen = * so that IMAP only binds to the localhost address, and IMAPS binds to all the interfaces.
Jim Tittsler wrote:
On Fri, Mar 26, 2004 at 08:17:24PM +0100, Johannes Berg wrote:
I looked through the web and the list archives, but couldn't find how to set up the following:
- dovecot with ssl/tls enabled
- login from localhost allowed with and without tls
- login from remote hosts only allowed via tls
I want this configuration as well. I set: imap_listen = 127.0.0.1 imaps_listen = * so that IMAP only binds to the localhost address, and IMAPS binds to all the interfaces.
It's possible to use tcpwrappers (hosts.allow and hosts.deny) or an iptables type filter as well if you want to be able to connect to your outside interface locally (for simplicity), but restrict other users. Not as "to the point" as above, but still functional.
HTH, -Rick
-- Rick Johnson, RHCE #807302311706007 - rjohnson@medata.com Linux/Network Administrator - Medata, Inc. PGP Public Key: https://mail.medata.com/pgp/rjohnson.asc
On Sat, 2004-03-27 at 00:18, Jim Tittsler wrote:
I want this configuration as well. I set: imap_listen = 127.0.0.1 imaps_listen = * so that IMAP only binds to the localhost address, and IMAPS binds to all the interfaces.
Thanks for your answer!
I had the same before, but I now wanted to use explicit TLS (ie. STARTTLS or whatever its called in IMAP). Sorry for not making that clearer.
johannes
http://www.sipsolutions.de/ Key-ID: 9AB78CA5 Johannes Martin Berg <johannes@sipsolutions.de>
On Sat, 27 Mar 2004, Jim Tittsler wrote:
On Fri, Mar 26, 2004 at 08:17:24PM +0100, Johannes Berg wrote:
I looked through the web and the list archives, but couldn't find how to set up the following:
- dovecot with ssl/tls enabled
- login from localhost allowed with and without tls
- login from remote hosts only allowed via tls
I want this configuration as well. I set: imap_listen = 127.0.0.1 imaps_listen = * so that IMAP only binds to the localhost address, and IMAPS binds to all the interfaces.
But imaps is not the same as imap/tls.
If you search the archives, you'll find a recipe from me for using a chrooted stunnel as an imap proxy which can do starttls negotiation. You can vary the flags which it is given at startup so that starttls can be optional or compulsory depending on the connecting address.
-- Charlie
A: Because we read from top to bottom, left to right. Q: Why should i start my reply below the quoted text?
participants (4)
-
Charlie Brady
-
Jim Tittsler
-
Johannes Berg
-
Rick Johnson