[Dovecot] How to open only these dovecot ports?
Hello,
I am not clear, due to the new syntax, on how to configure dovecot 1.0 to listen only for the following combinations of ports and services:
no pop3, from whatever host
accept imap connections only if coming from localhost (since I understand this is secure _and_ the only way to make squirrelmail talk to dovecot)
listen on the internet only for imaps and pop3s connections, accept them only if DIGEST-MD5 authentication succeeds.
Thanks in advance for any explanation,
Marco
-- Marco Fioretti mfioretti, at the server mclink.it Fedora Core 3 for low memory http://www.rule-project.org/
We shall serve God, family and country, in that order, because without the one before it, each would perish.
On 6/14/06, M. Fioretti mfioretti@mclink.it wrote:
> Hello,
> I am not clear, due to the new syntax, on how to configure dovecot 1.0 to listen only for the following combinations of ports and services:
> no pop3, from whatever host

Well, for a start

protocols = imap imaps pop3s

> accept imap connections only if coming from localhost (since I understand this is secure _and_ the only way to make squirrelmail talk to dovecot)

listen = 127.0.0.1

> listen on the internet only for imaps and pop3s connections, accept them only if DIGEST-MD5 authentication succeeds.
THEN, I think the following is what you want
# If you want to specify ports for each service, you will need to configure
# these settings inside the protocol imap/pop3 { ... } section, so you can
# specify different ports for IMAP/POP3. For example:
protocol imap {
  listen = 127.0.0.1
  ssl_listen = *
}
protocol pop3 {
  ssl_listen = *
}
(I'm fairly sure the ssl_listen is the one for imaps and pop3s)
Not 100% sure of the exact setup of the auth section, but you'll want something along the lines of

auth default {
  # Space separated list of wanted authentication mechanisms:
  #   plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi
  mechanisms = digest-md5
  ....

I THINK that you can have auth imap and auth imaps sections, but I'm not 100% sure. Someone else who knows better can probably let us know. I couldn't find anything about it on the wiki, in my quick looks. If you don't mind everything, including local imap, using digest-md5, then what I've given will work. If you want local imap to use plain, and everything else to use digest-md5, then you'll have to play around.
Just a note, from what I have heard, there is nothing wrong with using plain over SSL links, as SSL is fairly secure, and it's just a waste of time using digest-md5 over ssl. Once again, someone else a bit more in the know can hopefully give us more info on that.
Hope that helps
Tim
-- Linux Counter user #273956
Also, read the following http://wiki.dovecot.org/Authentication/Mechanisms
Tim
Linux Counter user #273956
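
A way to confirm the listener layout asked for in this thread once the configuration is loaded, as an added example that is not part of the original posts: it audits `ss -ltn` style output against the stated policy (no pop3, imap on loopback only, imaps and pop3s reachable from other hosts). The function names and both sample listings are constructed for illustration.

```python
import ipaddress

# Policy from the thread: pop3 (110) closed, imap (143) loopback-only,
# imaps (993) and pop3s (995) listening on a non-loopback address.
FORBIDDEN = {110}
LOOPBACK_ONLY = {143}
REQUIRED_PUBLIC = {993, 995}

# Constructed sample listings in `ss -ltn` column layout.
GOOD_SS = """State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      100    127.0.0.1:143      0.0.0.0:*
LISTEN 0      100    0.0.0.0:993        0.0.0.0:*
LISTEN 0      100    [::]:995           [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*"""
BAD_SS = """LISTEN 0      100    0.0.0.0:143        0.0.0.0:*
LISTEN 0      100    0.0.0.0:110        0.0.0.0:*
LISTEN 0      100    0.0.0.0:993        0.0.0.0:*"""

def parse_listeners(ss_output):
    """Return the set of (address, port) pairs in LISTEN state."""
    listeners = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets, scope id
        listeners.add((addr, int(port)))
    return listeners

def is_loopback(addr):
    if addr == "*":  # wildcard as printed by some ss versions
        return False
    return ipaddress.ip_address(addr).is_loopback

def audit(ss_output):
    """Return a list of policy violations; an empty list means compliant."""
    listeners = parse_listeners(ss_output)
    findings = []
    for addr, port in sorted(listeners):
        if port in FORBIDDEN:
            findings.append(f"port {port} must be closed but listens on {addr}")
        elif port in LOOPBACK_ONLY and not is_loopback(addr):
            findings.append(f"port {port} must be loopback-only but listens on {addr}")
    for port in sorted(REQUIRED_PUBLIC):
        if not any(p == port and not is_loopback(a) for a, p in listeners):
            findings.append(f"port {port} is not listening on a non-loopback address")
    return findings
```

On a live host, pass the text captured from `ss -ltn` to `audit()`; it does not check which authentication mechanisms are offered.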
participants (2): M. Fioretti, Timothy White