[Dovecot] SSL only for external connections

Michael M Slusarz slusarz at curecanti.org
Fri Sep 30 21:17:18 EEST 2011


Quoting Simon Brereton <simon.brereton at buongiorno.com>:

>> -----Original Message-----
>> From: dovecot-bounces at dovecot.org [mailto:dovecot-
>> bounces at dovecot.org] On Behalf Of Stan Hoeppner
>> On 9/30/2011 12:34 PM, Simon Brereton wrote:
>> >> -----Original Message-----
>> >> From: dovecot-bounces at dovecot.org [mailto:dovecot-
>> >> bounces at dovecot.org] On Behalf Of Terry Carmen
>> >
>> >>
>> >> If SSL/TLS works from the outside, but not the inside, you should
>> >> probably find out why and fix that instead.
>> >
>> > You'd think so - but since I don't actually need TLS from the
>> inside,
>> > and given my skill level - disabling it seems easier :)
>>
>> You don't need TLS/SSL from the outside either, if this is strictly a
>> webmail box.  In this case, configure Apache/lighttpd+Horde to only
>> accept HTTPS connections from the outside, and configure Horde to
>> connect via the Dovecot localhost:143 listener.  This is how I've
>> been doing it with Roundcube for years.  Works like a champ.
>
> It's not strictly a webmail box though.  IMAP clients (fixed and  
> mobile) connect to it.  So what I'd like is IMAP, IMAPS, POP3 and  
> POP3S on the outside and IMAP only on the local host (there's no  
> actual reason to offer POP to the localhost either...

You can also configure the MUA (e.g. Horde) to not use a secure  
connection, as opposed to turning off features on the server level.

michael




More information about the dovecot mailing list