[Dovecot] Sieve force SSL
Lukas Haase
lukashaase at gmx.at
Thu Sep 23 16:17:33 EEST 2010
Hi,
On 23.09.2010 14:58, Timo Sirainen wrote:
> On Thu, 2010-09-23 at 12:16 +0200, Lukas Haase wrote:
>
>> I have activated only imaps and managesieve.
>>
>> As sieve is running on a different port/protocol: Can I make sure that
>> sieve can ONLY be used with SSL/TLS?
>
> http://wiki.dovecot.org/SSL
Thank you.
First, IMAP and SMTP ports are completely blocked by the corporate
firewall (it is corporate policy to not allow IMAP and SMTP - I cannot
do anything about this).
Second:
[...] This could be because it makes it easier to ensure that no
information is leaked, because SSL/TLS handshake happens immediately.
Some clients unfortunately try to do plaintext authentication without
STARTTLS, even when IMAP server has told the client that it won't work [...]
This is my personal reason for preferring only IMAPS (and do not even
offer IMAP).
So back to sieve: If I set disable_plaintext_auth=yes and ssl=required
then nothing should change for my IMAPS port because it is TLS per
definition. And for managesieve it means that it should be protected the
same way IMAP with STARTTLS would be.
So a client would connect to port 2000 and LOGIN would not be advertised
as long as STARTTLS is not issued. Correct?
Regards, Luke
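
Added example (not part of the original message and not Dovecot code): a check for the behaviour asked about above. ManageSieve (RFC 5804) lists its login mechanisms in the "SASL" capability of the greeting, so the script parses a greeting received before STARTTLS and flags PLAIN or LOGIN offered in the clear, or STARTTLS missing. Both greetings are constructed samples and the function names are hypothetical.

```python
import re

# Plaintext-equivalent SASL mechanisms: the password crosses the wire
# unprotected unless the connection is already inside TLS.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

_QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')

def parse_capabilities(greeting):
    """Parse RFC 5804 capability lines into {NAME: value}; stop at OK/NO/BYE."""
    caps = {}
    for line in greeting.splitlines():
        line = line.strip()
        if not line:
            continue
        if re.match(r'(?i)(OK|NO|BYE)\b', line):
            break
        parts = _QUOTED.findall(line)
        if parts:
            caps[parts[0].upper()] = parts[1] if len(parts) > 1 else ""
    return caps

def audit_pre_tls(greeting):
    """Return findings for a greeting that was received before STARTTLS."""
    caps = parse_capabilities(greeting)
    findings = []
    if "STARTTLS" not in caps:
        findings.append("STARTTLS not advertised")
    offered = set(caps.get("SASL", "").upper().split())
    exposed = sorted(offered & PLAINTEXT_MECHS)
    if exposed:
        findings.append("plaintext SASL offered before TLS: " + " ".join(exposed))
    return findings

# Constructed sample greetings (assumptions, not captured from a real server).
WEAK = '''"IMPLEMENTATION" "Example Sieve"
"SIEVE" "fileinto vacation"
"SASL" "PLAIN LOGIN"
"STARTTLS"
OK "ready."
'''
HARDENED = WEAK.replace('"SASL" "PLAIN LOGIN"', '"SASL" ""')

if __name__ == "__main__":
    for name, greeting in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_pre_tls(greeting) or "ok")
```

This only inspects what the server advertises; whether it rejects an AUTHENTICATE sent before STARTTLS is a separate test.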