> On 19/01/2026 05:51 EET r.barclay--- via dovecot <[email protected]> wrote:
>
> Hi,
>
> I'm setting up a new IMAPS server using Dovecot 2.4 at the moment.
> I'd like my network internal users to authenticate using GSSAPI.
> The server is also exposed to the Internet for smart phone email access. I
> want to offer PLAIN login only for external users as they can't be legitimate
> internal Kerberos users. (Just as an additional layer of security.)
>
> Would this approach work?
>
> service imap-login {
>   inet_listener imaps_external {
>     port = 1993
>     ssl = yes
>     auth_mechanisms = plain login
>   }
>   inet_listener imaps_internal {
>     port = 7993
>     ssl = yes
>     auth_mechanisms = plain login gssapi
>   }
> }
>
> Then I'd allow only port 1993 externally and keep port 7993 for the LAN.
>
> Thank you for your advice!
> Reg

Hi,

that unfortunately will not work. You probably get best results by having a backend and two proxies, one for external and one for internal users.

Aki
