In a fully-working email server (setup with iRedmail in this case) with RoundCube for webmail, and Dovecot/Postfix/etc, how can you disable external client connections to IMAP/SMTP/POP3 and make the server webmail-only for email? I believe Roundcube connects directly to Dovecot for user authentication when logging in, so this makes it tricky.
I tried updating Dovecot SQL query in /etc/dovecot/dovecot-mysql.conf, to reject all IMAP requests if remote IP address is not the server which hosts Roundcube webmail (e.g. 127.0.0.1): Sample SQL query:
# Original SQL query in dovecot-mysql.conf:
#user_query = SELECT ... FROM mailbox,domain WHERE ...
# Modified:
user_query = SELECT ... FROM mailbox,domain WHERE ... AND '%r' = '127.0.0.1'
But this locked all users out from RoundCube login. Removing it (and restarting dovecot service) instantly allowed login again. Is there another way?