On 9.2.2011, at 15.09, Nick Rosier wrote: >> How can I force users which are connecting from OUTSIDE our newtworks >> to user STARTTLS on Port 143? >> >> Right now we resort to IMAPS on port 993, but an additional STARTTLS >> enabled login on the default port would make things easier! >> > You can probably add login_trusted_networks = localnet > > IIRC this allows for unsecure login from your localnet but forces all other > networks to use a secure authentication method (e.g. SSL, STARTTLS, CRAM or > DIGEST).
I think that'll work, yes, but it has the additional feature of allowing clients from localnet to fake their IP address. In v2.0 you can do: disable_plaintext_auth = yes local 10.0.0.0/24 { disable_plaintext_auth = no }