[Dovecot] TLS Authentication Confusion

Bill Cole dovecot-20110531 at billmail.scconsult.com
Fri Nov 11 18:00:47 EET 2011


Carlos Mennens wrote, On 11/10/11 2:17 PM:
> I asked a user today to make sure his incoming and outgoing email was
> using TLS. He told me it wasn't possible because my Dovecot / Postfix
> daemons were only listening on TCP 25&  143 according to a port scan
> he did. He told me the only way I could enable encrypted secure
> sessions between the client&  server is to enable port 993 (IMAPs). I
> told him that TLS is supported on my mail server over the default
> ports TCP 25 / 143 and that many consider IMAPs to be legacy. I sent
> him a telnet session of my PC communicating with my server&  it shows
> TLS is available. I just wanted to be sure I was correct with the
> information above or am I completely wrong and I do indeed need TCP
> port 993?

You are correct. To convince your user, point him at 
http://en.wikipedia.org/wiki/STARTTLS which has links to the relevant RFC's.

>
> I know this is the Dovecot mailing list but since Dovecot and Postfix
> both use and support TLS in their configuration files, I figured I
> would ask here for your help!
>
> carloss at pc1:~$ telnet mail.holyghost.org 25
> Trying 192.168.4.100...
> Connected to mail.holyghost.org.
> Escape character is '^]'.
> 220 mail.holyghost.org ESMTP Postfix
> EHLO pc1.holyghost.org
> 250-mail.holyghost.org
> 250-PIPELINING
> 250-SIZE 20480000
> 250-VRFY
> 250-ETRN
> 250-STARTTLS
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN
>
> Below is a snip from my mail logs showing TLS:
>
> Nov  9 10:26:39 mail dovecot: imap-login: Login: user=<carlos>,
> method=PLAIN, rip=::ffff:192.168.4.100, lip=::ffff:192.168.4.100, TLS
>
> The above snip from my log means that I'm connecting to Dovecot via
> TLS, correct?

Yes



More information about the dovecot mailing list