In a fully-working email server (setup with iRedmail in this case) with RoundCube for webmail, and Dovecot/Postfix/etc, how can you disable external client connections to IMAP/SMTP/POP3 and make the server webmail-only for email? I believe Roundcube connects directly to Dovecot for user authentication when logging in, so this makes it tricky.
I tried updating Dovecot SQL query in /etc/dovecot/dovecot-mysql.conf, to reject all IMAP requests if remote IP address is not the server which hosts Roundcube webmail (e.g. 127.0.0.1): Sample SQL query:
# Original SQL query in dovecot-mysql.conf:
#user_query = SELECT ... FROM mailbox,domain WHERE ...
# Modified:
user_query = SELECT ... FROM mailbox,domain WHERE ... AND '%r' = '127.0.0.1'
But this locked all users out from RoundCube login. Removing it (and restarting dovecot service) instantly allowed login again. Is there another way?
Best Answer
Does it work to put
listen = 127.0.0.1in /etc/dovecot/dovecot.conf?Also, in roundcube.conf, make sure you have
instead of pointing to a hostname, which can resolve to a different IP address and so be denied.