Refuse IMAP without encryption

Andrew Morgan morgan at
Tue Apr 23 14:24:31 EDT 2013

On Tue, 23 Apr 2013, Paul van der Vlis wrote:

> Hello,
> Is it possible to refuse IMAP-access without encryption like TLS or SSL?
> I think this would be a good idea for security.
> And I would like to make an exception for localhost for the webmail. The
> webmail (Sogo) can do TLS or SSL, but normally I don't do that for
> localhost.
> I am using Cyrus 2.4.16 from Debian 7 (Wheezy).

You can create a second service entry for imapd in cyrus.conf.  Have it 
listen on localhost and on a different port, such as 1143.  In imapd.conf, 

   <service_name>_allowplaintext: 1

Where <service_name> is the name of the localhost service in cyrus.conf. 
For example:

   localimap cmd="/usr/local/cyrus/bin/imapd" listen="localhost:1143" proto="tcp4" prefork=10 maxchild=100

Then in imapd.conf:

   localimap_allowplaintext: 1


More information about the Info-cyrus mailing list