[Dovecot] Dynamic server address
---------- Forwarded message ----------
From: Alan Premselaar <alien@12inch.com>
Date: Aug 8, 2006 9:56 AM
Subject: Re: [Dovecot] Dynamic server address
To: kresimir.tonkovic@gmail.com
Kresimir Tonkovic wrote:
> On 8/8/06, Johannes Berg <johannes@sipsolutions.net> wrote:
> > Kresimir Tonkovic wrote:
> > > My mail server (ubuntu breezy badger) is connected by ADSL and has a
> > > dynamic address. I have noticed that, every day after the IP address
> > > changes, dovecot is no longer reachable from the net. I guess this is
> > > because dovecot doesn't register this change and continues to listen
> > > on a non-existing interface/address.
> > > Any comments?
> >
> > Just make it listen on 0.0.0.0?
> >
> > johannes
>
> Not an option. I want local users to connect by pop3 and remote by pop3s.
>
> -- kresho
Kresimir,
You should still be able to achieve that by using tcpwrappers or iptables to restrict access on the appropriate networks.
Alan
Alan, I believe we should keep the discussion on the list :-) Please "reply all"
Correct me if I'm wrong, by default POP3 and POP3+SSL both work at the same port, 110. I want to let local users connect by plain POP3 and external users to use POP3+SSL. I don't see how I can set this up using iptables and tcpwrappers. Can you please provide more details?
kresho
Kresimir Tonkovic wrote:
> Correct me if I'm wrong, by default POP3 and POP3+SSL both work at the same port, 110. I want to let local users connect by plain POP3 and external users to use POP3+SSL. I don't see how I can set this up using iptables and tcpwrappers. Can you please provide more details?

Ah, so you don't want to use pop3s but pop3+starttls. Just tell dovecot to deny any password when used over insecure connections. Local connections are considered secure.

johannes
On 8/8/06, Johannes Berg <johannes@sipsolutions.net> wrote:
> Kresimir Tonkovic wrote:
> > Correct me if I'm wrong, by default POP3 and POP3+SSL both work at the same port, 110. I want to let local users connect by plain POP3 and external users to use POP3+SSL. I don't see how I can set this up using iptables and tcpwrappers. Can you please provide more details?
>
> Ah, so you don't want to use pop3s but pop3+starttls. Just tell dovecot to deny any password when used over insecure connections. Local connections are considered secure.
>
> johannes
I'm sorry, I'm new to dovecot, it seems my terminology is all wrong :-)
I assumed pop3s is pop3+ssl is pop3 over ssl.
In my config file (just an excerpt):
    protocols = pop3 pop3s
    pop3_listen = 192.168.0.1
    pop3s_listen = elag.hr
elag.hr is my domain name. It resolves to the current external IP address.
So when I connect from outside, my email client asks me to verify a ssl certificate. This enforced me to believe pop3s is pop3 over ssl, or as I called it above pop3+ssl.
If I'm wrong, what is pop3+starttls?
kresho
Kresimir Tonkovic wrote:
> I assumed pop3s is pop3+ssl is pop3 over ssl.

Yes, it is, but pop3s uses a different port than pop3. Try netstat -ltnp on your server :)

pop3+tls is the recommended way of doing encryption now, which uses the same port as pop3 (110) but has a special STLS (I think) command to "upgrade" an unencrypted connection to a secure one.

> protocols = pop3 pop3s
> pop3_listen = 192.168.0.1
> pop3s_listen = elag.hr

Just change that to

    pop3s_listen = 0.0.0.0

and you should be fine completely if you want to continue using pop3s. If you want to switch to pop3+tls then you don't need pop3s at all.

johannes
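An added example (not part of the thread) of reading the `netstat -ltnp` output suggested above: it reports POP3/POP3S listeners pinned to an address the host no longer holds, the condition suspected in the original question after an ADSL address change. The sample output, the addresses and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed `netstat -ltnp` sample (not from the thread): POP3 on the LAN
# address, POP3S pinned to the address elag.hr resolved to when dovecot started.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address     Foreign Address   State    PID/Program name
tcp        0      0 192.168.0.1:110   0.0.0.0:*         LISTEN   4321/pop3-login
tcp        0      0 203.0.113.17:995  0.0.0.0:*         LISTEN   4322/pop3-login
tcp        0      0 0.0.0.0:22        0.0.0.0:*         LISTEN   811/sshd
EOF
}

# Read netstat -ltn[p] output on stdin; print "<port> <addr> <wildcard|pinned>"
# for every listener on the POP3 (110) or POP3S (995) port.
classify_pop_listeners() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, part, ":")
        port = part[n]
        if (port != "110" && port != "995") next
        addr = substr($4, 1, length($4) - length(port) - 1)
        kind = (addr == "0.0.0.0" || addr == "::") ? "wildcard" : "pinned"
        print port, addr, kind
    }'
}

# stale_pop_listeners ADDR...: netstat output on stdin, ADDR... are the addresses
# the host holds right now. Prints "<port> <addr>" for each listener pinned to
# an address that is not in that list (wildcard listeners are never reported).
stale_pop_listeners() {
    classify_pop_listeners | while read -r port addr kind; do
        [ "$kind" = "pinned" ] || continue
        held=no
        for a in "$@"; do
            if [ "$a" = "$addr" ]; then held=yes; fi
        done
        if [ "$held" = "no" ]; then echo "$port $addr"; fi
    done
}

# Constructed scenario: after the address change the host holds
# 192.168.0.1 and 198.51.100.42, so the 995 listener is reported.
sample_netstat | stale_pop_listeners 192.168.0.1 198.51.100.42
```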
On 8/8/06, Johannes Berg <johannes@sipsolutions.net> wrote:
> Kresimir Tonkovic wrote:
> > I assumed pop3s is pop3+ssl is pop3 over ssl.
>
> Yes, it is, but pop3s uses a different port than pop3. Try netstat -ltnp on your server :)
>
> pop3+tls is the recommended way of doing encryption now, which uses the same port as pop3 (110) but has a special STLS (I think) command to "upgrade" an unencrypted connection to a secure one.
>
> > protocols = pop3 pop3s
> > pop3_listen = 192.168.0.1
> > pop3s_listen = elag.hr
>
> Just change that to
>
>     pop3s_listen = 0.0.0.0
>
> and you should be fine completely if you want to continue using pop3s. If you want to switch to pop3+tls then you don't need pop3s at all.
>
> johannes
Ok, if I switch to pop3+tls, how do I configure that in email clients? It seems that if I check "use SSL" in Outlook, Evolution, they connect to port 995 (pop3s).
kresho
On 8/8/06, Johannes Berg <johannes@sipsolutions.net> wrote:
> Kresimir Tonkovic wrote:
> > I assumed pop3s is pop3+ssl is pop3 over ssl.
>
> Yes, it is, but pop3s uses a different port than pop3. Try netstat -ltnp on your server :)
>
> pop3+tls is the recommended way of doing encryption now, which uses the same port as pop3 (110) but has a special STLS (I think) command to "upgrade" an unencrypted connection to a secure one.
>
> > protocols = pop3 pop3s
> > pop3_listen = 192.168.0.1
> > pop3s_listen = elag.hr
>
> Just change that to
>
>     pop3s_listen = 0.0.0.0
>
> and you should be fine completely if you want to continue using pop3s. If you want to switch to pop3+tls then you don't need pop3s at all.
>
> johannes
By the way, pop3s_listen = 0.0.0.0 works. Thanks.
Is that different from pop3s_listen = * ?
-- kresho