[Dovecot] Force STARTTLS on port 143 for !internalnetwork

Timo Sirainen tss at iki.fi
Wed Feb 9 17:12:04 EET 2011


On 9.2.2011, at 15.09, Nick Rosier wrote:

>> How can I force users who are connecting from OUTSIDE our networks
>> to use STARTTLS on Port 143?
>> 
>> Right now we resort to IMAPS on port 993, but an additional STARTTLS
>> enabled login on the default port would make things easier!
>> 
> You can probably add login_trusted_networks = localnet
> 
> IIRC this allows for unsecure login from your localnet but forces all other networks to use a secure authentication method (e.g. SSL, STARTTLS, CRAM or DIGEST).

I think that'll work, yes, but it has the additional feature of allowing clients from localnet to fake their IP address.

In v2.0 you can do:

disable_plaintext_auth = yes
local 10.0.0.0/24 {
  disable_plaintext_auth = no
}
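
Added example (not part of the original message or of Dovecot's code): a check an administrator could run on the port 143 greeting as seen from an outside address and from the internal network, to confirm the setting took effect. It assumes that with disable_plaintext_auth = yes the server advertises LOGINDISABLED (RFC 3501) and no AUTH=PLAIN/AUTH=LOGIN before STARTTLS; the sample greetings and function names are constructed for illustration.

```python
import re

# Constructed sample greetings (not captured from a real server).
OUTSIDE_GREETING = (
    "* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR ID ENABLE IDLE "
    "STARTTLS LOGINDISABLED] Dovecot ready."
)
INSIDE_GREETING = (
    "* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR ID ENABLE IDLE "
    "STARTTLS AUTH=PLAIN] Dovecot ready."
)

# SASL mechanisms that send the password itself over the connection.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}


def parse_capabilities(line):
    """Return the upper-cased capability set from a greeting or CAPABILITY reply."""
    m = re.search(r"\[CAPABILITY ([^\]]*)\]", line, re.I)
    if m is None:
        m = re.match(r"\* CAPABILITY (.*)$", line.strip(), re.I)
    if m is None:
        raise ValueError("no capability list in line")
    return {tok.upper() for tok in m.group(1).split()}


def plaintext_findings(line):
    """List the ways a pre-TLS capability line still permits cleartext passwords."""
    caps = parse_capabilities(line)
    findings = []
    if "STARTTLS" not in caps:
        findings.append("STARTTLS not offered")
    if "LOGINDISABLED" not in caps:
        findings.append("LOGIN command allowed before TLS")
    for cap in sorted(caps):
        if cap.startswith("AUTH=") and cap[5:] in PLAINTEXT_MECHS:
            findings.append(f"{cap} advertised before TLS")
    return findings


if __name__ == "__main__":
    for name, line in (("outside", OUTSIDE_GREETING), ("inside", INSIDE_GREETING)):
        print(name, plaintext_findings(line) or "plaintext auth refused before TLS")
```

An empty result for the outside greeting and findings for the inside one is the split the configuration above is meant to produce.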


