[Dovecot] secure pop for outside pop inside
Hi all,
I've a server with dovecot running in secure pop mode. For connections from the outside world, I don't want to enable pop. However, this machine is also the host for a vserver. In this vserver I have a webserver running the WebGUI Content Management System. One can add content via email. For this the cms has to be able to check a pop emailbox. The cms doesn't support secure pop. It's not nescessary either, because dovecot and cms are on the same machine.
How can I configure Dovecot in such a way that I can enable pop just for one ip-adress and have secure pop for connections on another adress?
Any help would be very much appreciated.
Kind regards, Arjan
Dear all,
Is it possible to enable pop only for a specific ip and enable spop for every other ip? I've a vserver in which an application can check mail via pop, but not spop. And I don't like to enable pop for the outside world.
Kind regards, Arjan
On Mon, 2007-07-09 at 22:29 +0200, arjan wrote:
Dear all,
Is it possible to enable pop only for a specific ip and enable spop for every other ip? I've a vserver in which an application can check mail via pop, but not spop. And I don't like to enable pop for the outside world.
a) Firewall. Probably a better idea.
b) Fail authentication if non-secure authentication comes from outside world. If you're using SQL as passdb this would be easy. With anything else probably not. %r and %c variables anyway allow this (http://wiki.dovecot.org/Variables)
Dear Timo,
Thanx for your reply. But I can't immediately act on your answer.
Is it possible to enable pop only for a specific ip and enable spop for every other ip? I've a vserver in which an application can check mail via pop, but not spop. And I don't like to enable pop for the outside world.
a) Firewall. Probably a better idea. Yes, I will request to disable the ports 110 and 143 in the firewall, but since we don't manage the firewall ourselves, I would also be able to configure this in Dovecot.
b) Fail authentication if non-secure authentication comes from outside world. Clear, that's what I would like. But how? How do I differentiate? How can I say if this, then that?
I'm using passwd: auth_userdb = passwd auth_passdb = pam
Do I do something within protocol pop3 {
} But how can I make an if/then-like statement so that I can use:
If you're using SQL as passdb this would be easy. With anything else probably not. %r and %c variables anyway allow this (http://wiki.dovecot.org/Variables)
It's not possible to do this I've discovered: protocols = pop3 pop3s disable_plaintext_auth = yes (...) userdb static { args = uid=1005 gid=1005 allow_all_users=yes disable_plaintext_auth=no }
Here I tried to make siable_plaintext_auth different for a specific user.
Kind regards, Arjan.
participants (2)
-
arjan
-
Timo Sirainen