[Dovecot] Enforcing TLS

Timo Sirainen tss at iki.fi
Tue Jan 6 17:19:25 EET 2009


On Tue, 2009-01-06 at 14:59 +0100, Ed Schouten wrote:
> I've happily been using Dovecot for a couple of years now, but only a
> couple of days ago I configured it to speak both TLS and SSL for both
> POP3 and IMAP. Ideally I want users to use TLS, but I've enabled SSL,
> because some mailers (at least Apple Mail on OS X Tiger) don't support
> TLS.

BTW. Your TLS/SSL term usage isn't correct. http://wiki.dovecot.org/SSL

> I already asked on IRC whether this was possible, because I was unable
> to find this on the Wiki. It turns out there is a configuration switch
> called `disable_plaintext_auth', but looking at the description this
> only prevents people from using plain-text username/password
> authentication. It does not actually enforce TLS or SSL.
> 
> My question: is there support to enforce TLS when people connect to
> non-SSL ports? If someone comes up with a solution, I'll add it to the
> SSL article on the Wiki.

Have you enabled non-plaintext authentication? If not, then
disable_plaintext_auth practically does what you want, because you can't
authenticate without SSL/TLS.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20090106/23e7ac13/attachment.bin 


More information about the dovecot mailing list