From 7fe517c328906d0f962c3dc33d7bc773f2348bb4 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Sun, 15 Dec 2013 23:46:29 +0100
Subject: Configure the webmail.

---
 roles/IMAP/files/etc/dovecot/conf.d/10-master.conf | 1 +
 roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf    | 8 ++++++++
 2 files changed, 9 insertions(+)

(limited to 'roles/IMAP/files/etc/dovecot')

diff --git a/roles/IMAP/files/etc/dovecot/conf.d/10-master.conf b/roles/IMAP/files/etc/dovecot/conf.d/10-master.conf
index 51ed7c6..d477d01 100644
--- a/roles/IMAP/files/etc/dovecot/conf.d/10-master.conf
+++ b/roles/IMAP/files/etc/dovecot/conf.d/10-master.conf
@@ -18,6 +18,7 @@ service imap-login {
   inet_listener imap {
     address = 172.16.0.1
     port = 143
+    ssl = no
   }
   inet_listener imaps {
     port = 993
diff --git a/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf b/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf
index a733e94..4eabe53 100644
--- a/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf
+++ b/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf
@@ -5,6 +5,14 @@
 # SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
 ssl = required
 
+# No need for SSL if the packets are protected by IPSec.
+local 172.16.0.1 {
+    protocol imap {
+        disable_plaintext_auth = no
+        ssl = no
+    }
+}
+
 # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
 # dropping root privileges, so keep the key file unreadable by anyone but
 # root. Included doc/mkcert.sh can be used to easily generate self-signed
-- 
cgit v1.2.3