Sven Strickroth <sven@cs-ware.de> writes:

in /etc/dovecot/conf.d/10-master.conf I have restricted IMAP to localhost only:

service imap-login { inet_listener imap { address = 127.0.0.1 #port = 143 } inet_listener imaps { #port = 993 #ssl = yes } }

However, /lib/systemd/system/dovecot.socket make it listen on 0.0.0.0:143 and [::]:143 causing the service being available to the public which it should not. - IMHO this is a security issue.

I don't know much about systemd, but you'll probably need dovecot configuration

listen = 127.0.0.1

Joseph Tam <jtam.home@gmail.com>