[Dovecot] Enforcing TLS

Giuliano Gavazzi dev+lists at humph.com
Fri Jan 9 14:11:54 EET 2009


On T 6 Jan, 2009, at 14:59 , Ed Schouten wrote:

> My question: is there support to enforce TLS when people connect to
> non-SSL ports? If someone comes up with a solution, I'll add it to the
> SSL article on the Wiki.
>
> I'm using Dovecot 1.1.7, installed on a FreeBSD 6.4-STABLE system.

not sure I understand the question correctly, if I do then the answer  
would be you cannot. If the client wants to speak plain it will. I do  
not see why you would want to keep on listening on port 143 if you  
want to enforce SSL, but if you really want to:

    protocol imap {
      listen = 127.0.0.1:143
      ssl_listen = *:993 <interface-ip>:143
    }

You can of course drop <interface-ip>:143.

Giuliano


More information about the dovecot mailing list