[Dovecot] SSL only for external connections

Eric Shubert ejs at shubes.net
Fri Sep 30 22:55:32 EEST 2011


On 09/30/2011 11:17 AM, Michael M Slusarz wrote:
> Quoting Simon Brereton <simon.brereton at buongiorno.com>:
>
>>> -----Original Message-----
>>> From: dovecot-bounces at dovecot.org [mailto:dovecot-
>>> bounces at dovecot.org] On Behalf Of Stan Hoeppner
>>> On 9/30/2011 12:34 PM, Simon Brereton wrote:
>>> >> -----Original Message-----
>>> >> From: dovecot-bounces at dovecot.org [mailto:dovecot-
>>> >> bounces at dovecot.org] On Behalf Of Terry Carmen
>>> >
>>> >>
>>> >> If SSL/TLS works from the outside, but not the inside, you should
>>> >> probably find out why and fix that instead.
>>> >
>>> > You'd think so - but since I don't actually need TLS from the
>>> inside,
>>> > and given my skill level - disabling it seems easier :)
>>>
>>> You don't need TLS/SSL from the outside either, if this is strictly a
>>> webmail box. In this case, configure Apache/lighttpd+Horde to only
>>> accept HTTPS connections from the outside, and configure Horde to
>>> connect via the Dovecot localhost:143 listener. This is how I've
>>> been doing it with Roundcube for years. Works like a champ.
>>
>> It's not strictly a webmail box though. IMAP clients (fixed and
>> mobile) connect to it. So what I'd like is IMAP, IMAPS, POP3 and POP3S
>> on the outside and IMAP only on the local host (there's no actual
>> reason to offer POP to the localhost either...
>
> You can also configure the MUA (e.g. Horde) to not use a secure
> connection, as opposed to turning off features on the server level.
>
> michael
>
>

This makes the most sense to me. The client should decide what to use.
FWIW.
-- 
-Eric 'shubes'




More information about the dovecot mailing list