On 03/11/2013 05:08 AM, Eero Volotinen wrote: >>> - Firewall and SELinux should be disabled. >> Bad advice. > this page also configures unsafe imap and pop settings. People should > always enable only ssl-enabled versions of imap and pop only. Just don't open those ports. Then they only work locally. For imap, that works well with the local imap webmail software. Why should a local squirelmail or roundcube server have to go through SSL to the local dovecot server? But this is why you DON'T turn off the firewall and apply the right rules.