On 17.6.2010, at 6.59, Chuck McManis wrote:
> First, part of this effort was to move off of an APOP infrastructure into
> something more secure against password eavesdropping. To that end I've
> configured Dovecot with simply:
>
> protocols = pop3
> service pop3-login {
> inet_listener pop3s {
> port = 995
> ssl = yes
> }
> }
>
> Note that there is NO port = 110 listener and yet Dovecot seems to listen
> there anyway.
Yes, it's doing that by default. If you want to disable it, use
service pop3-login {
inet_listener pop3 {
port = 0
}
}
> My question, can I be sure that it is not accepting non-SSL
> based connections?
disable_plaintext_auth = yes is also default, so it won't allow users to log in
via non-SSL anyway (with 110 port it requires starttls). Of course, this might
not prevent some clients from trying to send the password anyway.
> Question 2) Is there any way to run dovecot from tcpserver ?
v1.x yes (but there have been some problems), v2.0 no.
> One of the things I like is the program tcpserver. I like it because I can
> simply "not allow" large chunks of the internet to connect at all to certain
> ports.
v2.0 supports tcpwrappers if that helps.
