When using WHM, in Home »Service Configuration »Mailserver Configuration , I can see checkboxes for turning on/off four protocols: imap, imaps, pop3, pop3s. I understand that imap is required to be turned on for webmail services, but it should not need to listen for outside connections, only for connections on localhost [127.0.0.1] or [:::1]
I wish to tell courier not to listen on 0.0.0.0:143 and 0.0.0.0:110 for (insecure) imap and (insecure) pop3, but still listen on 127.0.0.1:143 and 127.0.0.1:110. How would I do this?
Alternately, I would like to know how to set iptables rules via WHM/cPanel to shield these tcp ports from connections from the outside. I worry if I use iptables from the command line, WHM/cPanel will wipe out my changes without warning. I have only found "Home »Security Center »Host Access Control" which only lets me name the daemon, not the interface. This would be bad, because if I tell couriertcpd it to stop listening to outside connections, that will block all four protocols, not just the two insecure ones.
I wish to tell courier not to listen on 0.0.0.0:143 and 0.0.0.0:110 for (insecure) imap and (insecure) pop3, but still listen on 127.0.0.1:143 and 127.0.0.1:110. How would I do this?
Alternately, I would like to know how to set iptables rules via WHM/cPanel to shield these tcp ports from connections from the outside. I worry if I use iptables from the command line, WHM/cPanel will wipe out my changes without warning. I have only found "Home »Security Center »Host Access Control" which only lets me name the daemon, not the interface. This would be bad, because if I tell couriertcpd it to stop listening to outside connections, that will block all four protocols, not just the two insecure ones.
