non-encrypted for local queries

Dan White dwhite at
Wed Mar 17 12:04:26 EDT 2010

On 17/03/10 10:11 -0500, Raphael Jaffey wrote:
>Use the following as the only "imapd" command configured in 
>/etc/cyrus.conf to accept connections from localhost only:
>imap          cmd="imapd" listen="[]:imap" prefork={number}
>You can restrict access to hosts from the LAN without using the firewall 
>using at least a couple of methods:
>1) Assuming cyrus was compiled with libwrap support, you can restrict 
>access to the imap service in /etc/hosts.allow (or /etc/hosts.deny).
>2) If the LAN you mentioned below is private (no access from other 
>subnets and networks), you can use the following in /etc/cyrus.conf in 
>addition to the entry I mentioned above:
>imap          cmd="imapd" listen="[{LAN-interface-address}]:imap" 

Assuming that you have allowplaintext set to no, to disallow plaintext
logins externally, then you'll want to add a '-p xxx' to the cyrus.conf
entry that Raphael suggested (inside the cmd field), which will direct
imapd to assume there is some protection layer for your local/LAN
connections. See imapd(8).

Dan White

More information about the Info-cyrus mailing list