[Dovecot] Enforcing STARTTLS for all mechs while disabling imaps
Durk Strooisma
durk at kern.nl
Thu Jan 15 16:36:24 EET 2009
> First you need to disable any ssl_listen in the protocol section:
>
> protocol imap {
> listen = *:143
> # ssl_listen = *:993
> }
> protocol pop3 {
> listen = *:110
> # ssl_listen = *:995
> }
>
> Then set:
> disable_plaintext_auth = yes
>
> That will give you the ability for users to only log in via TLS.
This will work for plain text authentication. However, we are (partly) using
GSSAPI, which is not a plain text authentication mechanism. TLS (through
STARTTLS) won't be enforced in these connections.
Durk
More information about the dovecot
mailing list