Or, in the event you're only allowing access to port 143 from loopback and possibly a trusted LAN, you can also use:

    imap_allowplaintext: yes
    imap_sasl_minimum_layer: 0

in /etc/imapd.conf as port 993 is always protected. We use

    tls_cipher_list: !ADH:MEDIUM:HIGH

in /etc/imapd.conf, so sufficient encryption is required over SSL connections anyway.

Rafe

Dan White wrote:
> On 17/03/10 10:11 -0500, Raphael Jaffey wrote:
>> Use the following as the only "imapd" command configured in
>> /etc/cyrus.conf to accept connections from localhost only:
>>
>> imap cmd="imapd" listen="[127.0.0.1]:imap" prefork={number}
>>
>> You can restrict access to hosts from the LAN without using the
>> firewall using at least a couple of methods:
>>
>> 1) Assuming cyrus was compiled with libwrap support, you can restrict
>> access to the imap service in /etc/hosts.allow (or /etc/hosts.deny).
>>
>> 2) If the LAN you mentioned below is private (no access from other
>> subnets and networks), you can use the following in /etc/cyrus.conf in
>> addition to the entry I mentioned above:
>>
>> imap cmd="imapd" listen="[{LAN-interface-address}]:imap"
>> prefork={number}
>
> Assuming that you have allowplaintext set to no, to disallow plaintext
> logins externally, then you'll want to add a '-p xxx' to the cyrus.conf
> entry that Raphael suggested (inside the cmd field), which will direct
> imapd to assume there is some protection layer for your local/LAN
> connections. See imapd(8).
>

--
Raphael Jaffey                      E-mail: rjaffey@xxxxxxxxx
Director of Network Services
The Art Institute of Chicago        Voice: (312) 629-6543
111 S. Michigan Ave, Chicago, IL 60603   FAX: (312) 641-3406

----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
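
Added example, not part of the original thread: a small audit that reads cyrus.conf and imapd.conf text and reports which non-SSL imapd listeners accept cleartext logins (via a service-prefixed or global allowplaintext, or a `-p` assumed protection layer) and where they are bound. The function names, the verdict labels, the service names imaplan and imapany, and the sample configs are assumptions made for illustration.

```python
import re

# Constructed sample configs (192.0.2.10 is a documentation address).
CYRUS_CONF = '''
SERVICES {
  imap     cmd="imapd" listen="[127.0.0.1]:imap" prefork=5
  imaplan  cmd="imapd -p 2" listen="[192.0.2.10]:imap" prefork=5
  imapany  cmd="imapd" listen="1143" prefork=1
  imaps    cmd="imapd -s" listen="imaps" prefork=1
}
'''
IMAPD_CONF = '''
allowplaintext: no
imap_allowplaintext: yes
imap_sasl_minimum_layer: 0
imapany_allowplaintext: yes
'''
LOOPBACK = {"127.0.0.1", "::1", "localhost"}
WILDCARD = {None, "", "0.0.0.0", "::"}
TRUE = {"yes", "on", "t", "true", "1"}

def listen_host(listen):
    """Return the host part of a cyrus.conf listen= value, or None if port-only."""
    m = re.match(r'\[([^\]]*)\]:', listen)
    if m:
        return m.group(1)
    return listen.rsplit(':', 1)[0] if ':' in listen else None

def audit(cyrus_conf, imapd_conf):
    """Map each non-SSL imapd service to 'ok', 'review', 'exposed' or 'unset'."""
    opts = {k: v.lower() for k, v in re.findall(r'^(\w+):\s*(\S+)', imapd_conf, re.M)}
    out = {}
    for line in cyrus_conf.splitlines():
        m = re.match(r'\s*(\w+)\s+(.*cmd=.*)', line)
        if not m:
            continue
        name, args = m.group(1), dict(re.findall(r'(\w+)="([^"]*)"', m.group(2)))
        argv = args.get('cmd', '').split()
        if not argv or argv[0] != 'imapd' or '-s' in argv:
            continue  # not IMAP, or the SSL-wrapped imaps listener
        plain = opts.get(name + '_allowplaintext', opts.get('allowplaintext'))
        cleartext = plain in TRUE or '-p' in argv  # -p: imapd assumes a protection layer
        host = listen_host(args.get('listen', ''))
        if host in LOOPBACK or (plain is not None and not cleartext):
            out[name] = 'ok'       # stays on the machine, or plaintext logins refused
        elif not cleartext:
            out[name] = 'unset'    # build default applies; not modelled here
        else:
            out[name] = 'exposed' if host in WILDCARD else 'review'
    return out
```

A 'review' verdict means cleartext logins are accepted on a specific non-loopback address, so the LAN behind it has to be as private as the message assumes.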