controlling STARTTLS by IP address
Michael Fox
news at mefox.org
Fri Jul 15 06:52:16 UTC 2016
> > I just thought to remind people that with some firewalls, there's always a way
> > to perform "silent" redirections using the DNAT target in the PREROUTING
> > table, i.e.,:
> >
> > -t nat -A PREROUTING -i ${EXTIF} -s ${NOTLSSOURCES} -p tcp --dport 110 \
> > --syn -j DNAT --to-destination ${DOVECOT}:${NOTLSPOP3PORT}
> >
>
> That is basically what I meant without enough detail I guess.
>
Yes. Good point. And thanks for the clarification.
As a Dovecot newbie, I'm curious. What would be the syntax in dovecot to
configure a second pop3 listener? Would it be something like this?
service pop3-login {
  # POP3 for STARTTLS users
  inet_listener pop3 {
    port = 110
    ssl = yes
  }
  # POP3 for no TLS
  inet_listener pop3 {
    port = xxx
    ssl = no
  }
  # POP3 for
  inet_listener pop3s {
    port = 993
    ssl = required
  }
}
And shouldn't "inet_listener pop3s" really use ssl=required (as above),
instead of ssl=yes (as shown in the default 10-master.conf file)?
Thanks,
Michael
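
Added example, not part of the original message and not Dovecot code: once the STARTTLS listener and the no-TLS listener are split as discussed above, one way to check that each behaves as intended is to audit the POP3 CAPA reply (RFC 2449) it returns before any TLS negotiation. The function names and the sample replies are constructed for illustration.

```python
# Added example: audits a pre-TLS POP3 CAPA reply against the policy for that listener.
# All replies below are constructed samples, not captured server output.

def parse_capa(raw: bytes) -> dict:
    """Parse a multi-line CAPA reply into {TAG: [ARGS...]}, tags upper-cased."""
    lines = raw.decode("ascii", "replace").split("\r\n")
    if not lines[0].startswith("+OK"):
        raise ValueError("CAPA refused: %r" % lines[0])
    caps = {}
    for line in lines[1:]:
        if line == ".":                      # lone dot terminates the reply
            return caps
        words = line.upper().split()
        if words:
            caps[words[0]] = words[1:]
    raise ValueError("CAPA reply not terminated by a lone '.'")

def audit_listener(raw: bytes, expect_stls: bool) -> list:
    """Return findings for one listener; an empty list means it matches policy."""
    caps = parse_capa(raw)
    findings = []
    has_stls = "STLS" in caps
    # USER or SASL PLAIN/LOGIN advertised before TLS means cleartext logins are offered.
    plaintext = "USER" in caps or bool({"PLAIN", "LOGIN"} & set(caps.get("SASL", [])))
    if expect_stls and not has_stls:
        findings.append("STLS not advertised on the STARTTLS listener")
    if not expect_stls and has_stls:
        findings.append("STLS advertised on the listener meant for non-TLS clients")
    if expect_stls and plaintext:
        findings.append("plaintext login advertised before STLS")
    return findings

# Constructed sample replies
STARTTLS_STRICT = b"+OK\r\nTOP\r\nUIDL\r\nSTLS\r\nSASL\r\n.\r\n"
STARTTLS_WEAK = b"+OK\r\nTOP\r\nUSER\r\nSTLS\r\nSASL PLAIN\r\n.\r\n"
NO_TLS = b"+OK\r\nTOP\r\nUSER\r\nSASL PLAIN\r\n.\r\n"

if __name__ == "__main__":
    for name, raw, expect in [("strict", STARTTLS_STRICT, True),
                              ("weak", STARTTLS_WEAK, True),
                              ("no-tls", NO_TLS, False)]:
        print(name, audit_listener(raw, expect) or "OK")
```

Running the same audit from an address inside and outside the redirected source range shows which listener a given client actually reaches.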