[Dovecot] Enforcing STARTTLS for all mechs while disabling imaps

Durk Strooisma durk at kern.nl
Thu Jan 15 14:58:08 EET 2009


> On 1/15/2009, Durk Strooisma (durk at kern.nl) wrote:
>> As far as I can see, this would only be possible when using imaps and
>> disabling imap. However, I would like to have the other way around;
>> disabling imaps and using imap for all communication (with enforced
>> STARTTLS).
>> Am I missing something?
>
> Yes... an explanation for why you want/need to do this...

Simple, but debatable I guess. For some it might sound cosmetic. That's why
I didn't bring it up in the first place.

Okay, so here's the explanation. In our infrastructure we like to use native
encryption for (internet) protocols. Partly because it seems the "right way"
and partly because the other method (tunneling) is deprecated for some
protocols (e.g. LDAP). We don't need to support a huge range of client
applications, so this is compatibility-wise no issue. To keep our
infrastructure a bit uniform, I've tried this with Dovecot/IMAP as well.
I've tried to enforce STARTTLS for any possible connection, to avoid using
tunneling, but I couldn't find an option to do so.

Durk



