[Dovecot] SSL / TLS

Federico Nicolelli federico.nicolelli at iscsi.it
Thu Jul 9 18:35:01 EEST 2009


Timo Sirainen ha scritto:
> On Jul 9, 2009, at 11:15 AM, Charles Marcus wrote:
> 
>> On 7/9/2009, Federico Nicolelli (federico.nicolelli at iscsi.it) wrote:
>>> Ok, so if you set
>>> "protocols = imap imaps"
>>
>> Personally, I never enable unencrypted imap port...
>>
>> Forcing encrypted port (imaps) for everyone really doesn't add anything
>> in the way of overhead on modern systems, and I just don't like the idea
>> of unencrypted sessions, even on on 'trusted' networks.
> 
> That's a wrong way to think about it. imaps is a legacy port that should 
> have died years ago. You can force encrypted sessions on imap port just 
> by setting disable_plaintext_auth=yes (or even more strongly with 
> ssl=required with v1.2+).
> 
> 
I guess that "disable_plaintext_auth=yes" means that you have to use 
encryption algorithm to protect your authentication (like md5, sha1 
ecc...) but is not related with the traffic encryption.


More information about the dovecot mailing list