I've tried the changes that I put below. Users are still able to log in from the LAN. However, despite putting the appropriate rule in my firewall allowing port 143 I cannot create a user on a PC outside my network. I'm using Thunderbird to do the testing. Is there a better way to test my setup? Thunderbird doesn't give any diagnostic data, it just says it's failed to test the account. On Thursday 05 May 2016 11:03:34 Gary Stainburn wrote: > I have a mail server running on Centos 7.2 which has been working for my > LAN for a long time. > > I'm at the point where I have to make it accessible to the internet. At > the moment, access can be insecure but as it's on my LAN it isn't an issue. > > However, for internet access I wish to force SSL/TLS. Having read the > documents I think it's as simple as changing 10-ssl.conf from > > ssl = yes > > to > > ssl = required > remote 10.0.0.0/8 { > ssl = yes > } > > Am I right in thinking that this would make the global value now force > SSL/TLS to be required, but for my LAN (10.0.0.0/8) override this with the > old value of 'yes' > > Is there a better way to do this? > Have I missed anything? > I believe that this means implies > > disable_plaintext_auth = no > > for all except my LAN. Is that right? > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos -- Gary Stainburn Group I.T. Manager Ringways Garages http://www.ringways.co.uk