Re: [Dovecot] SSL only for external connections
On Sun, 2 Oct 2011, Simon Brereton writes:
I don't have that file. Part of the problem is that I'm confused between protocols and wrappers and interfaces :) Dick and Michael have persuaded me that it's just easier to for Horde not to ask for TLS on port 143 - because that's in fact what I was doing - and it's pointless.
Nonetheless, I think it would be nice to tell Dovecot listen on the local interface for IMAP. Listen on the external interface for IMAP, IMAPS, POP and POP3S. But if there's not simple way to do that I don't have a valid use-case for doing it right now.
I got into this thread rather late so maybe I missed something here.
If you have different policies for your interface, you can run two different instances of dovecot (with 2 different base directories and sets of configuration files).
I haven't tried it, but maybe it's also possible have interface specific CAPA strings and remove STARTTLS. Dovecot will support unencrypted sessions over the localhost interface, but your webmail seems to opportunistcally use it when offered, so don't offer it.
Joseph Tam jtam.home@gmail.com
participants (1)
-
Joseph Tam