On 05/29/2013 01:13 PM, Reindl Harald wrote: > > Am 29.05.2013 12:41, schrieb Torben Schou Jensen: >> I can read how to setup older version of dovecot with SquirrelMail. >> >> They recommend to use uncrypted IMAP when SquirrelMail is on same server. >> >> What I would like to support is then imap, imaps, pop3 and pop3s. >> >> imaps and pop3s for external users. >> imap and pop3 only open for localhost, that is SquirrelMail on same machine. >> >> With dovecot 1 you could restrict access using >> "imap_listen = localhost" >> >> How do I make the same restriction with localhost on dovecot 2 ??? > > if it listens only on localhost how should "imaps and pop3s for external > users" work and additionally these days STARTTLS is recommended which > works on the default ports 110/143 > > why do you not simply *offer* encryption *or* use webmail also > with encryption? >
You should use imap with starttls (disable_plaintext_auth=yes) for the imap service, then use login_trusted_networks=<127.0.0.1/8 to allow webmail logins from localhost without ssl. Webmail doesn't use pop3, so no changes there. If you insist on using imaps and/or pop3s, then these can live alongside the above without problems. -- Tom
signature.asc
Description: OpenPGP digital signature