[Dovecot] SSL / TLS

Timo Sirainen tss at iki.fi
Thu Jul 9 19:43:39 EEST 2009


On Thu, 2009-07-09 at 12:07 -0400, Charles Marcus wrote:
> On 7/9/2009, Federico Nicolelli (federico.nicolelli at iscsi.it) wrote:
> >> So, does disable_plaintext_auth=yes automatically change the imap listen
> >> port to 993, or would I then nees to also set 'ssl_listen: 993' (if so,
> >> wouldn't that seeting be more appropriately named tls_listen? ;) ?
> 
> > No it will only disable plaintext authentications over a unsecure channel.
> > so if you want to force SSL/TLS you should use ssl=required as Timo said.
> 
> Ok, still a little confused...
> 
> To do this 'right'...
> 
> protocols = imap
> disable_plaintext_auth = yes
> ssl = required
> 
> and just use the default standard imap port of 143?

Yeah. And sure you can keep imaps port open too.

If you have only auth { mechanisms = plain } enabled,
disable_plaintext_auth=yes and ssl=required does basically the same
thing.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20090709/a35a340c/attachment.bin 


More information about the dovecot mailing list