diff -Nur e-smith-email-5.4.0-old/root/etc/e-smith/db/configuration/migrate/40change-variable-access-to-httpsonly e-smith-email-5.4.0/root/etc/e-smith/db/configuration/migrate/40change-variable-access-to-httpsonly
--- e-smith-email-5.4.0-old/root/etc/e-smith/db/configuration/migrate/40change-variable-access-to-httpsonly	1970-01-01 01:00:00.000000000 +0100
+++ e-smith-email-5.4.0/root/etc/e-smith/db/configuration/migrate/40change-variable-access-to-httpsonly	2013-12-13 16:59:23.534028606 +0100
@@ -0,0 +1,14 @@
+{
+        my $hordessl = $DB->get_prop('horde', 'access') or return;
+        if ($hordessl eq 'SSL')
+        {
+          $DB->set_prop('horde',"HttpsOnly", "yes" );
+          $DB->set_prop('horde',"access", "public" );
+        }
+        elsif ($hordessl eq 'full')
+        {
+          $DB->set_prop('horde',"HttpsOnly", "no" );
+          $DB->set_prop('horde',"access", "public" );
+        }
+}
+
diff -Nur e-smith-email-5.4.0-old/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/emailsettings e-smith-email-5.4.0/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/emailsettings
--- e-smith-email-5.4.0-old/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/emailsettings	2013-11-26 19:01:14.391228451 +0100
+++ e-smith-email-5.4.0/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/emailsettings	2013-12-13 16:55:06.019972324 +0100
@@ -173,6 +173,10 @@
         <base>ENABLED_SECURE_ONLY</base>
         <trans>Allow HTTPS (secure)</trans>
     </entry>
+     <entry>
+        <base>ONLY_LOCAL_NETWORK_SSL</base>
+        <trans>Allow HTTPS (secure) from local networks</trans>
+    </entry>
     <entry>
         <base>INSECURE_POP3</base>
         <trans>Allow both POP3 and POP3S</trans>
diff -Nur e-smith-email-5.4.0-old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/emailsettings.pm e-smith-email-5.4.0/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/emailsettings.pm
--- e-smith-email-5.4.0-old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/emailsettings.pm	2013-11-26 19:01:14.406227386 +0100
+++ e-smith-email-5.4.0/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/emailsettings.pm	2013-12-13 16:55:06.020972231 +0100
@@ -338,7 +338,8 @@
       $db->set_prop('imp',"status", $webmail );
       $db->set_prop('horde', "status", $webmail );
       $db->set_prop('imp',"access", "full" );
-      $db->set_prop('horde',"access", "full" );
+      $db->set_prop('horde',"access", "public" );
+      $db->set_prop('horde',"HttpsOnly", "no" );
     }
     elsif ( $webmail eq "enabledSSL" ) {
       $db->set_prop('php',"status", "enabled" );
@@ -346,8 +347,20 @@
       $db->set_prop('imp',"status", 'enabled' );
       $db->set_prop('horde',"status", 'enabled' );
       $db->set_prop('imp',"access", "SSL" );
-      $db->set_prop('horde',"access", "SSL" );
+      $db->set_prop('horde',"access", "public" );
+      $db->set_prop('horde',"HttpsOnly", "yes" );
     }
+
+    elsif ( $webmail eq "localnetworkSSL" ) {
+      $db->set_prop('php',"status", "enabled" );
+      $db->set_prop('mysqld',"status", "enabled" );
+      $db->set_prop('imp',"status", 'enabled' );
+      $db->set_prop('horde',"status", 'enabled' );
+      $db->set_prop('imp',"access", "SSL" );
+      $db->set_prop('horde',"access", "private" );
+      $db->set_prop('horde',"HttpsOnly", "yes" );
+     }
+
     else {
       $db->set_prop('imp',"status", 'disabled' );
       $db->set_prop('horde',"status", 'disabled' );
@@ -544,7 +557,7 @@
 
 =head2 get_current_webmail_status
 
-returns "disabled", "enabled" or "enabledSSL", depending on whether
+returns "disabled", "localnetworkSSL" or "enabledSSL", depending on whether
 the various components of the webmail subsystem are currently enabled
 
 =cut
@@ -565,15 +578,27 @@
 
   my $PHPStatus = $db->get_prop('php', 'status') || 'disabled';
 
+  my $Networkaccess = $db->get_prop('horde','access') || 'disabled';
+
   # all four components must be on for webmail to be working
   if ( ( $IMPStatus eq "enabled" )
        && ( $HordeStatus eq "enabled" )
        && ( $MysqlStatus eq "enabled" )
-       && ( $PHPStatus eq "enabled" ) )
+       && ( $PHPStatus eq "enabled"   ) 
+       && ( $Networkaccess eq "public"))
     {
       $WebmailStatus = ( $SSLonly eq "SSL" ) ? "enabledSSL" : "enabled";
     }
 
+  elsif ( ( $IMPStatus eq "enabled" )
+       && ( $HordeStatus eq "enabled" )
+       && ( $MysqlStatus eq "enabled" )
+       && ( $PHPStatus eq "enabled"   )
+       && ( $Networkaccess eq "private" ))
+    {
+      $WebmailStatus = ( $SSLonly eq "SSL" ) ? "localnetworkSSL" : "enabled";
+    }
+
   my $options = get_webmail_options();
 
   return $localise ? $fm->localise($options->{$WebmailStatus}) 
@@ -737,7 +762,8 @@
 sub get_webmail_options
 {
     my %options = ( disabled   => 'DISABLED', 
-		enabledSSL => 'ENABLED_SECURE_ONLY' );
+               enabledSSL => 'ENABLED_SECURE_ONLY',
+               localnetworkSSL => 'ONLY_LOCAL_NETWORK_SSL' );
 
     my $access = $db->get_prop('imp', 'access') || 'SSL';