[Dovecot] Enabling security on POP3 and IMAP

Patrick Nagel patrick.nagel at star-group.net
Thu Sep 3 12:04:08 EEST 2009


Hi Richard,

On 2009-09-03 16:38, Richard Hobbs wrote:
> Currently, on our new test server, I am offering IMAP on 143 and POP3 on
> 110.
> 
> We would like to enable security on both of these protocols to attempt
> to eliminate the risk from an internal
> password-grabbing/content-grabbing attack.
> 
> I presume this would mean enabling SSL, and a more secure
> authentication, right? Or are plain text passwords just sent over the
> SSL, and therefore perfectly secure?

Yes, plain text passwords are fine with SSL/TLS, since the connection gets
secured before the password is sent.

> Also, what are the steps to enable security for these protocols on an
> already-configured server?
> 
> Is it possible to offer encrypted and non-encrypted services
> simultaneously, so people have a choice of whether they want security or
> not? I know that's a bit weird, but for testing it would be useful.

No problem. Basically you just need to specify the certificate (ssl_cert_file)
and the key (ssl_key_file) in the config, and add 'imaps' and 'pop3s' to
'protocols'.

> Finally, is there a way to monitor which users are connecting over the
> secure ports and which users are connecting over the non-secure ports?

You can see it in the log.

Patrick.

-- 
STAR Software (Shanghai) Co., Ltd.              http://www.star-group.net/
Phone:    +86 (21) 3462 7688 x 826               Fax:   +86 (21) 3462 7779

PGP key:  E883A005 https://stshacom1.star-china.net/keys/patrick_nagel.asc
Fingerprint:             E09A D65E 855F B334 E5C3 5386 EF23 20FC E883 A005
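
The reply above says the log shows which users connect securely. As an added example (not part of the original message or of Dovecot itself), this script tallies logins per user by transport. It assumes the default login_log_format_elements, where the trailing %c field is "TLS" or "secured"; the log lines, host name and user names are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the shape of Dovecot's login log with the
# default login_log_format_elements ("user=<%u> method=%m rip=%r lip=%l %c").
# Assumption: that default has not been changed on the server.
SAMPLE_LOG = """\
Sep  3 12:01:10 mail dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=192.0.2.10, lip=192.0.2.1, TLS
Sep  3 12:02:44 mail dovecot: pop3-login: Login: user=<bob>, method=PLAIN, rip=192.0.2.11, lip=192.0.2.1
Sep  3 12:03:02 mail dovecot: imap-login: Login: user=<bob>, method=PLAIN, rip=192.0.2.11, lip=192.0.2.1, TLS
Sep  3 12:03:30 mail dovecot: imap-login: Login: user=<carol>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Sep  3 12:04:00 mail dovecot: imap-login: Aborted login: user=<dave>, method=PLAIN, rip=192.0.2.12, lip=192.0.2.1
Sep  3 12:05:00 mail dovecot: pop3-login: Login: user=<alice>, method=PLAIN, rip=192.0.2.10, lip=192.0.2.1, TLS
"""

# Only successful logins ("Login:") are matched; the optional last field is %c.
LOGIN_RE = re.compile(
    r"(?P<proto>imap|pop3)-login: Login: user=<(?P<user>[^>]*)>, "
    r"method=(?P<method>[^,]+), rip=(?P<rip>[^,\s]+), lip=[^,\s]+"
    r"(?:, (?P<sec>TLS|secured))?\s*$"
)

def classify(line):
    """Return (user, proto, transport) for a successful login line, else None."""
    m = LOGIN_RE.search(line)
    if not m:
        return None
    # "TLS" = encrypted session; "secured" = trusted without TLS (e.g. localhost);
    # no marker = credentials and mail crossed the network in clear text.
    transport = {"TLS": "tls", "secured": "local"}.get(m.group("sec"), "plaintext")
    return m.group("user"), m.group("proto"), transport

def summarize(log_text):
    """Count logins per user, split by transport."""
    counts = defaultdict(Counter)
    for line in log_text.splitlines():
        hit = classify(line)
        if hit:
            user, _proto, transport = hit
            counts[user][transport] += 1
    return {user: dict(c) for user, c in counts.items()}

def plaintext_users(log_text):
    """Users with at least one unencrypted login: the ones to migrate."""
    return sorted(u for u, c in summarize(log_text).items() if c.get("plaintext"))

if __name__ == "__main__":
    for user, c in sorted(summarize(SAMPLE_LOG).items()):
        print(user, c)
    print("still using clear text:", plaintext_users(SAMPLE_LOG))
```

Running both encrypted and unencrypted services during a test period, as discussed above, is what makes the plaintext_users() list useful: it names the accounts whose clients still need reconfiguring before the clear-text ports are closed.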

