non-encrypted for local queries

Nybbles2Byte nybbles2byte at
Wed Mar 17 11:58:18 EDT 2010

Hello Raphael,

Of course! and thank you.


Wednesday, March 17, 2010, 8:53:08 AM, you wrote:

> Use the following in /etc/cyrus.conf:

> imap          cmd="imapd" listen="[]:imap" prefork={number}

> imaps         cmd="imapd -s" listen="imaps" prefork={number}

> That will allow connections to port 143 from localhost only and to port
> 993 from anywhere.  That first entry is also required for cyradm to work
> on the local box unless you've got a version with SSL support.  We also
> run Horde on separate servers, so that uses port 993.  However our 
> Luminis portal's email client doesn't support SSL or TLS, so we use a 
> dedicated crossover cable between servers in this case and have an imap
> instance bind to the private link's interface in the same manner as the
> localhost example above.

> Rafe

> Nybbles2Byte wrote:
>> Hello Raphael,

>> Thanks but I'm not looking to restrict access just to the LAN. I'm 
>> looking to allow unencrypted access via localhost (and as a bonus via 
>> the LAN but not necessary) but only encrypted access via the WAN. Which 
>> I believe boils down to port 143 for localhost and 993 for the WAN. 

>> This allows me to have an application like horde which I can use for web 
>> mail to talk with cyrus unencrypted being on the same server while 
>> remote users being required to have a secure line. After all, why make 
>> the server encrypt communications to talk to itself? That's just chewing 
>> up resources for no good reason.

>> Wednesday, March 17, 2010, 8:11:10 AM, you wrote:

>> *> Use the following as the only "imapd" command configured in 
>>>  /etc/cyrus.conf to accept connections from localhost only:

>>>  imap          cmd="imapd" listen="[]:imap" prefork={number}

>>>  You can restrict access to hosts from the LAN without using the firewall
>>>  using at least a couple of methods:

>>>  1) Assuming cyrus was compiled with libwrap support, you can restrict 
>>>  access to the imap service in /etc/hosts.allow (or /etc/hosts.deny).

>>>  2) If the LAN you mentioned below is private (no access from other 
>>>  subnets and networks), you can use the following in /etc/cyrus.conf in
>>>  addition to the entry I mentioned above:

>>>  imap          cmd="imapd" listen="[{LAN-interface-address}]:imap" 
>>>  prefork={number}

>>>  Nybbles2Byte wrote:
>>> > Hello Info-cyrus,

>>> > Is there a way to tell cyrus to accept non-encrypted port 143 queries 
>>> > from localhost (and perhaps the LAN) but not  remotely? I guess you 
>>> > could allow unencrypted requests in cyrus but block 143 in your firewall 
>>> > but I am wondering if there is purely cyrus settings solution.

>>> > /-- 
>>> > Nybbles2Byte                          mailto:nybbles2byte at

>>> > /
>>> > /
>>> > ------------------------------------------------------------------------
>>> > /
>>> > ----
>>> > Cyrus Home Page:
>>> > Cyrus Wiki/FAQ:
>>> > List Archives/Info:

>> */-- 
>>  Nybbles2Byte                            mailto:nybbles2byte at

 Nybbles2Byte                            mailto:nybbles2byte at
-------------- next part --------------
An HTML attachment was scrubbed...

More information about the Info-cyrus mailing list