Hi,

I have a simple dovecot installation, version 1.2.12 of ubuntu 10.10. I also have a straightforward newbie question! I've hunted in the wiki and on the wider web, but not yet found a solution.

Current status: I have successfully configured imap with tls, accessed on port 993, and for security require a valid client certificate to be presented, using ssl_require_client_cert and ssl_verify_client_cert. This is all working fine!

Now I want to add a SquirrelMail service to the same server. This will connect using IMAP over port 143, without TLS. My question is: how do I achieve this!

At the moment, I simply get the following in the logs:

Aborted login (cert required, client didn't start TLS): method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured

If I comment out the "ssl_require_client_cert = yes" in the auth default section, SquirrelMail then works fine … but I can also connect remotely without presenting a valid certificate, which is no good!

At the moment I have a single auth section in dovecot.conf, the "auth default { ... }" section. I wondered if I need a second section, which does not have the ssl requirement inside it. Is that right? If so, how do I link one auth section to the imaps service, and the other to the imap service (listening only on localhost)?

In other words, I want "ssl_require_client_cert = yes" for remote connections (on port 993), but "ssl_require_client_cert = no" for local connections using non-tls imap on port 143. Is this possible?

Hope that late-night explanation makes sense, and hope somebody can point me in the right direction, thanks in advance!

-- Bill Gallafent.