Re: [Dovecot] SSL only for external connections
On 09/30/11 20:25, Simon Brereton wrote:
But the question remains - if only because it's now there - how does one limit services effectively in Dovecot. In Courier it was fairly easy and well documented. There's no reason for me to offer IMAPS or POP3S to localhost (because of the certificate issue) and there's also no reason for me to offer POP3 to localhost either.
For posterity and for my own edification it would be nice to know how to do that.
I don't think you can do that. However if you don't want to use tls/ssl just connect to port 143 plain.
I don't know about Horde, but with Roundcube you use tls://localhost, ssl://localhost or just localhost.
i.e. the choice is with the client, not the server.
Dick
On 09/30/11 20:25, Simon Brereton wrote:
But the question remains - if only because it's now there - how
does one limit services effectively in Dovecot. In Courier it was
fairly easy and well documented. There's no reason for me to offer
IMAPS or POP3S to localhost (because of the certificate issue) and
there's also no reason for me to offer POP3 to localhost either.
For posterity and for my own edification it would be nice to know
how to do that.
You can specify what ports and interfaces the various services listen on with the inet_listener configuration block and the "address" and "port" configuration items in the 10-master.conf configuration file.
Terry
-----Original Message----- From: dovecot-bounces@dovecot.org [mailto:dovecot-bounces@dovecot.org] On Behalf Of Terry Carmen
On 09/30/11 20:25, Simon Brereton wrote:
But the question remains - if only because it's now there - how does one limit services effectively in Dovecot. In Courier it was fairly easy and well documented. There's no reason for me to offer IMAPS or POP3S to localhost (because of the certificate issue) and there's also no reason for me to offer POP3 to localhost either.
For posterity and for my own edification it would be nice to know how to do that.
You can specify what ports and interfaces the various services listen on with the inet_listener configuration block and the "address" and "port" configuration items in the 10-master.conf configuration file.
I don't have that file. Part of the problem is that I'm confused between protocols and wrappers and interfaces :) Dick and Michael have persuaded me that it's just easier for Horde not to ask for TLS on port 143 - because that's in fact what I was doing - and it's pointless.
Nonetheless, I think it would be nice to tell Dovecot to listen on the local interface for IMAP. Listen on the external interface for IMAP, IMAPS, POP and POP3S. But if there's not a simple way to do that I don't have a valid use-case for doing it right now.
Thanks for all the input everyone!
Happy Weekend.
Simon
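The layout Simon describes, written with the inet_listener blocks Terry mentions, as an added example that is not part of the original thread. It assumes a Dovecot 2.x installation using the conf.d split files, and 192.0.2.10 is a placeholder for the server's external address.

```conf
# conf.d/10-master.conf (added example; 192.0.2.10 is a placeholder address)

service imap-login {
  # Plain IMAP (STARTTLS-capable) on loopback for the local webmail
  # client and on the external interface.
  inet_listener imap {
    address = 127.0.0.1 192.0.2.10
    port = 143
  }
  # IMAPS only on the external interface; nothing on localhost:993.
  inet_listener imaps {
    address = 192.0.2.10
    port = 993
    ssl = yes
  }
}

service pop3-login {
  # POP3 and POP3S only on the external interface; not offered to localhost.
  inet_listener pop3 {
    address = 192.0.2.10
    port = 110
  }
  inet_listener pop3s {
    address = 192.0.2.10
    port = 995
    ssl = yes
  }
}

# conf.d/10-auth.conf
# With this set, plaintext logins on the non-SSL ports are refused until the
# client has negotiated TLS. Connections whose remote IP equals the local IP
# (the webmail client on the same host) are treated as secure and may log in
# without TLS.
disable_plaintext_auth = yes
```

After reloading Dovecot, the bound sockets can be compared against this layout with `doveconf -n` and a socket listing such as `ss -ltn`.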
participants (3)
- Dick Middleton
- Simon Brereton
- Terry Carmen