[Dovecot] Ok, I've given up

Chuck McManis chuck.mcmanis at gmail.com
Thu Jun 17 18:16:27 EEST 2010


Thanks Timo.
--Chuck


On Thu, Jun 17, 2010 at 4:34 AM, Timo Sirainen <tss at iki.fi> wrote:

> On 17.6.2010, at 6.59, Chuck McManis wrote:
>
> > First, part of this effort was to move off of an APOP infrastructure into
> > something more secure against password eavesdropping. To that end I've
> > configured Dovecot with simply:
> >
> > protocols = pop3
> > service pop3-login {
> >  inet_listener pop3s {
> >    port = 995
> >    ssl = yes
> >  }
> > }
> >
> > Note that there is NO port = 110 listener and yet Dovecot seems to listen
> > there anyway.
>
> Yes, it's doing that by default. If you want to disable it, use
>
> service pop3-login {
>  inet_listener pop3 {
>    port = 0
>  }
> }
>
> > My question, can I be sure that it is not accepting non-SSL
> > based connections?
>
> disable_plaintext_auth = yes is also default, so it won't allow users to
> log in via non-SSL anyway (with 110 port it requires starttls). Of course,
> this might not prevent some clients from trying to send the password anyway.
>
> > Question 2) Is there any way to run dovecot from tcpserver ?
>
> v1.x yes (but there have been some problems), v2.0 no.
>
> > One of the things I like is the program tcpserver. I like it because I can
> > simply "not allow" large chunks of the internet to connect at all to certain
> > ports.
>
> v2.0 supports tcpwrappers if that helps.
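
Added example, not part of the original thread or of Dovecot itself: a small Python check that overlays the `inet_listener` blocks from a config file on the default listeners, showing why the configuration in the question still leaves port 110 open and why the `port = 0` override closes it. The `DEFAULTS` table, the function names and the minimal parser (it handles only the block syntax quoted in this thread) are assumptions for illustration.

```python
import re

# Assumption: default listeners for pop3-login. The thread confirms 110 is
# open by default; 995 with ssl = yes is the conventional pop3s listener.
DEFAULTS = {"pop3": {"port": "110", "ssl": "no"},
            "pop3s": {"port": "995", "ssl": "yes"}}

def effective_listeners(conf_text, service="pop3-login"):
    """Overlay inet_listener settings found in conf_text on the defaults."""
    listeners = {name: dict(opts) for name, opts in DEFAULTS.items()}
    stack = []  # names of the blocks the current line is nested in
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.endswith("{"):
            stack.append(" ".join(line[:-1].split()))
        elif line == "}":
            del stack[-1:]
        elif "=" in line and len(stack) == 2 and stack[0] == f"service {service}":
            m = re.fullmatch(r"inet_listener (\S+)", stack[1])
            if m:
                key, value = (part.strip() for part in line.split("=", 1))
                listeners.setdefault(m.group(1), {})[key] = value
    return listeners

def cleartext_ports(listeners):
    """Ports still accepting connections without implicit TLS (0 = disabled)."""
    return sorted(int(o["port"]) for o in listeners.values()
                  if o.get("port", "0") != "0" and o.get("ssl", "no") != "yes")

# Constructed inputs: the configuration from the question, then the same
# file with the override from the reply appended.
ORIGINAL = """
protocols = pop3
service pop3-login {
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
"""
HARDENED = ORIGINAL + """
service pop3-login {
  inet_listener pop3 {
    port = 0
  }
}
"""
if __name__ == "__main__":
    print(cleartext_ports(effective_listeners(ORIGINAL)), cleartext_ports(effective_listeners(HARDENED)))
```

A port reported here is reachable without implicit TLS; per the reply above, logins on it still require STARTTLS while `disable_plaintext_auth = yes` is in effect.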

