[Dovecot] SSL only for external connections

Joseph Tam jtam.home at gmail.com
Tue Oct 4 03:05:32 EEST 2011


On Sun, 2 Oct 2011, Simon Brereton writes:

> I don't have that file.  Part of the problem is that I'm confused
> between protocols and wrappers and interfaces :) Dick and Michael have
> persuaded me that it's just easier to for Horde not to ask for TLS on
> port 143 - because that's in fact what I was doing - and it's
> pointless. 
> 
> Nonetheless, I think it would be nice to tell Dovecot listen on the
> local interface for IMAP.  Listen on the external interface for IMAP,
> IMAPS, POP and POP3S.  But if there's not simple way to do that I don't
> have a valid use-case for doing it right now.

I got into this thread rather late so maybe I missed something here.

If you have different policies for your interface, you can run two
different instances of dovecot (with 2 different base directories and
sets of configuration files).

I haven't tried it, but maybe it's also possible have interface specific
CAPA strings and remove STARTTLS.  Dovecot will support unencrypted
sessions over the localhost interface, but your webmail seems to
opportunistcally use it when offered, so don't offer it.

Joseph Tam <jtam.home at gmail.com>


More information about the dovecot mailing list