Thanks Timo.
--Chuck
On Thu, Jun 17, 2010 at 4:34 AM, Timo Sirainen <t...@iki.fi> wrote:
> On 17.6.2010, at 6.59, Chuck McManis wrote:
>
> > First, part of this effort was to move off of an APOP infrastructure into
> > something more secure against password eavesdropping. To that end I've
> > configured Dovecot with simply:
> >
> > protocols = pop3
> > service pop3-login {
> > inet_listener pop3s {
> > port = 995
> > ssl = yes
> > }
> > }
> >
> > Note that there is NO port = 110 listener and yet Dovecot seems to listen
> > there anyway.
>
> Yes, it's doing that by default. If you want to disable it, use
>
> service pop3-login {
> inet_listener pop3 {
> port = 0
> }
> }
>
> > My question, can I be sure that it is not accepting non-SSL
> > based connections?
>
> disable_plaintext_auth = yes is also default, so it won't allow users to
> log in via non-SSL anyway (with 110 port it requires starttls). Of course,
> this might not prevent some clients from trying to send the password anyway.
>
> > Question 2) Is there any way to run dovecot from tcpserver ?
>
> v1.x yes (but there have been some problems), v2.0 no.
>
> > One of the things I like is the program tcpserver. I like it because I
> can
> > simply "not allow" large chunks of the internet to connect at all to
> certain
> > ports.
>
> v2.0 supports tcpwrappers if that helps.
