Of course! and thank you.
Reg.
Wednesday, March 17, 2010, 8:53:08 AM, you wrote:
> Use the following in /etc/cyrus.conf:
> imap cmd="imapd" listen="[127.0.0.1]:imap" prefork={number}
> imaps cmd="imapd -s" listen="imaps" prefork={number}
> That will allow connections to port 143 from localhost only and to port
> 993 from anywhere. That first entry is also required for cyradm to work
> on the local box unless you've got a version with SSL support. We also
> run Horde on separate servers, so that uses port 993. However our
> Luminis portal's email client doesn't support SSL or TLS, so we use a
> dedicated crossover cable between servers in this case and have an imap
> instance bind to the private link's interface in the same manner as the
> localhost example above.
> Rafe
> Nybbles2Byte wrote:
>> Hello Raphael,
>> Thanks but I'm not looking to restrict access just to the LAN. I'm
>> looking to allow unencrypted access via localhost (and as a bonus via
>> the LAN but not necessary) but only encrypted access via the WAN. Which
>> I believe boils down to port 143 for localhost and 993 for the WAN.
>> This allows me to have an application like horde which I can use for web
>> mail to talk with cyrus unencrypted being on the same server while
>> remote users being required to have a secure line. After all, why make
>> the server encrypt communications to talk to itself? That's just chewing
>> up resources for no good reason.
>> Wednesday, March 17, 2010, 8:11:10 AM, you wrote:
>> *> Use the following as the only "imapd" command configured in
>>> /etc/cyrus.conf to accept connections from localhost only:
>>> imap cmd="imapd" listen="[127.0.0.1]:imap" prefork={number}
>>> You can restrict access to hosts from the LAN without using the firewall
>>> using at least a couple of methods:
>>> 1) Assuming cyrus was compiled with libwrap support, you can restrict
>>> access to the imap service in /etc/hosts.allow (or /etc/hosts.deny).
>>> 2) If the LAN you mentioned below is private (no access from other
>>> subnets and networks), you can use the following in /etc/cyrus.conf in
>>> addition to the entry I mentioned above:
>>> imap cmd="imapd" listen="[{LAN-interface-address}]:imap"
>>> prefork={number}
>>> Nybbles2Byte wrote:
>>> > Hello Info-cyrus,
>>> > Is there a way to tell cyrus to accept non-encrypted port 143 queries
>>> > from localhost (and perhaps the LAN) but not remotely? I guess you
>>> > could allow unencrypted requests in cyrus but block 143 in your firewall
>>> > but I am wondering if there is purely cyrus settings solution.
>>> > /--
>>> > Nybbles2Byte mailto:nybbles2byte@xxxxxxxxx/
>>> > /
>>> > /
>>> > ------------------------------------------------------------------------
>>> > /
>>> > ----
>>> > Cyrus Home Page: http://cyrusimap.web.cmu.edu/
>>> > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
>>> > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html/
>> */--
>> Nybbles2Byte mailto:nybbles2byte@xxxxxxxxx/
--
Nybbles2Byte mailto:nybbles2byte@xxxxxxxxx
---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html