On 17/03/10 10:11 -0500, Raphael Jaffey wrote:
>Use the following as the only "imapd" command configured in
>/etc/cyrus.conf to accept connections from localhost only:
>
>imap cmd="imapd" listen="[127.0.0.1]:imap" prefork={number}
>
>You can restrict access to hosts from the LAN without using the firewall
>using at least a couple of methods:
>
>1) Assuming cyrus was compiled with libwrap support, you can restrict
>access to the imap service in /etc/hosts.allow (or /etc/hosts.deny).
>
>2) If the LAN you mentioned below is private (no access from other
>subnets and networks), you can use the following in /etc/cyrus.conf in
>addition to the entry I mentioned above:
>
>imap cmd="imapd" listen="[{LAN-interface-address}]:imap"
>prefork={number}
Assuming that you have allowplaintext set to no, to disallow plaintext
logins externally, then you'll want to add a '-p xxx' to the cyrus.conf
entry that Raphael suggested (inside the cmd field), which will direct
imapd to assume there is some protection layer for your local/LAN
connections. See imapd(8).
--
Dan White
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
