controlling STARTTLS by IP address
Edgar Pettijohn
edgar at pettijohn-web.com
Thu Jul 14 21:13:56 UTC 2016
Sent from my iPhone
> On Jul 14, 2016, at 3:56 PM, Michael Fox <news at mefox.org> wrote:
>
> On my POP3 server, I need to be able to control the use of STARTTLS by
> client IP address. Specifically:
>
> * Clients on certain internal subnets (e.g., 192.168.1.0/24) must not have
> the option to use TLS. If the client tries to use STARTTLS, the option
> should be rejected. This is to satisfy US FCC rules regarding the use of
> encryption over certain radio frequencies.
> * All other internal clients (e.g., 192.168.0.0/16, but not 192.168.1.0/24)
> should be able to use STARTTLS if they choose to.
> * All external clients (0.0.0.0/0) will be required to use TLS.
>
> Is there a way to control which clients are allowed to use STARTTLS
> according to the client's IP address?
>
> Thanks,
> Michael
>
>
>
Seems like your firewall could redirect to a different port that doesn't offer starttls.
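The three-way policy from the question, written out as an added Python sketch (not part of the thread and not Dovecot configuration) so the precedence is explicit: the most specific prefix wins, and the result decides how the POP3 `STLS` and authentication commands are handled. The function names are hypothetical, and treating addresses outside the listed ranges (for example native IPv6) as external is an assumption.

```python
import ipaddress

# Policy table taken from the question; labels are this example's own.
POLICY = [
    (ipaddress.ip_network("192.168.1.0/24"), "forbid"),    # radio subnet: no TLS
    (ipaddress.ip_network("192.168.0.0/16"), "optional"),  # other internal clients
    (ipaddress.ip_network("0.0.0.0/0"), "require"),        # everyone else
]


def tls_policy(client_ip):
    """Return 'forbid', 'optional' or 'require' for a client address."""
    addr = ipaddress.ip_address(client_ip)
    # A dual-stack listener reports IPv4 peers as ::ffff:a.b.c.d; unwrap them,
    # otherwise a radio-subnet client would miss the /24 rule.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    matches = [(net.prefixlen, label) for net, label in POLICY
               if net.version == addr.version and addr in net]
    if not matches:
        return "require"  # assumption: unlisted (e.g. native IPv6) counts as external
    # Longest prefix wins, so 192.168.1.0/24 overrides 192.168.0.0/16.
    return max(matches, key=lambda m: m[0])[1]


def allow_command(client_ip, command, tls_active):
    """Decide whether a POP3 command may proceed under the policy."""
    policy = tls_policy(client_ip)
    parts = command.split()
    verb = parts[0].upper() if parts else ""
    if verb == "STLS":
        # STLS is the POP3 STARTTLS command (RFC 2595); refuse it on the
        # forbidden subnet and when TLS is already active.
        return policy != "forbid" and not tls_active
    if verb in ("USER", "PASS", "APOP", "AUTH"):
        # External clients must complete TLS before sending credentials.
        return tls_active or policy != "require"
    return True


if __name__ == "__main__":
    # Constructed sample addresses, one per class in the question.
    for ip in ("192.168.1.57", "192.168.2.10", "203.0.113.9"):
        print(ip, tls_policy(ip), "STLS allowed:", allow_command(ip, "STLS", False))
```

The same table can drive a firewall redirect of the kind suggested in the reply: clients that resolve to `forbid` are sent to a listener that does not offer STARTTLS.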
More information about the dovecot mailing list