Re: [Dovecot] SSL only for external connections
Quoting Simon Brereton simon.brereton@buongiorno.com:
-----Original Message----- From: dovecot-bounces@dovecot.org [mailto:dovecot- bounces@dovecot.org] On Behalf Of Stan Hoeppner On 9/30/2011 12:34 PM, Simon Brereton wrote:
-----Original Message----- From: dovecot-bounces@dovecot.org [mailto:dovecot- bounces@dovecot.org] On Behalf Of Terry Carmen
If SSL/TLS works from the outside, but not the inside, you should probably find out why and fix that instead.
You'd think so - but since I don't actually need TLS from the inside, and given my skill level - disabling it seems easier :)
You don't need TLS/SSL from the outside either, if this is strictly a webmail box. In this case, configure Apache/lighttpd+Horde to only accept HTTPS connections from the outside, and configure Horde to connect via the Dovecot localhost:143 listener. This is how I've been doing it with Roundcube for years. Works like a champ.
It's not strictly a webmail box though. IMAP clients (fixed and
mobile) connect to it. So what I'd like is IMAP, IMAPS, POP3 and
POP3S on the outside and IMAP only on the local host (there's no
actual reason to offer POP to the localhost either...
You can also configure the MUA (e.g. Horde) to not use a secure
connection, as opposed to turning off features on the server level.
michael
On 09/30/2011 11:17 AM, Michael M Slusarz wrote:
Quoting Simon Brereton simon.brereton@buongiorno.com:
-----Original Message----- From: dovecot-bounces@dovecot.org [mailto:dovecot- bounces@dovecot.org] On Behalf Of Stan Hoeppner On 9/30/2011 12:34 PM, Simon Brereton wrote:
-----Original Message----- From: dovecot-bounces@dovecot.org [mailto:dovecot- bounces@dovecot.org] On Behalf Of Terry Carmen
If SSL/TLS works from the outside, but not the inside, you should probably find out why and fix that instead.
You'd think so - but since I don't actually need TLS from the inside, and given my skill level - disabling it seems easier :)
You don't need TLS/SSL from the outside either, if this is strictly a webmail box. In this case, configure Apache/lighttpd+Horde to only accept HTTPS connections from the outside, and configure Horde to connect via the Dovecot localhost:143 listener. This is how I've been doing it with Roundcube for years. Works like a champ.
It's not strictly a webmail box though. IMAP clients (fixed and mobile) connect to it. So what I'd like is IMAP, IMAPS, POP3 and POP3S on the outside and IMAP only on the local host (there's no actual reason to offer POP to the localhost either...
You can also configure the MUA (e.g. Horde) to not use a secure connection, as opposed to turning off features on the server level.
michael
This makes the most sense to me. The client should decide what to use. FWIW.
-Eric 'shubes'
participants (2)
-
Eric Shubert
-
Michael M Slusarz