[Dovecot] Using plaintext auth and SSL

Gedalya gedalya at gedalya.net
Tue Mar 20 05:19:42 EET 2012


On 03/19/2012 07:37 PM, Jeff Simmons wrote:
> On Monday, March 19, 2012 04:16:46 pm you wrote:
>> On 3/19/2012 4:04 PM, Jeff Simmons wrote:
>>> I'm working with a company that presently has a Linux mailserver which
>>> all users have (no shell) accounts on. Mail is accessed via pop3 with
>>> plaintext authentication. They want to move to a system using imap with
>>> SSL. I'm building them a new server. I'd like to offer both for a while
>>> so we can work the bugs out and migrate users over to SSL imap over
>>> time. It appears that in order to limit the imap connections to SSL I
>>> will need to run two separate instances of Dovecot. Is this correct?
>> I only have SSL or TLS connections enabled and I only have one copy of
>> Dovecot running.
> Let me rephrase that. I want to run plaintext authentication pop3 and ssl/tls
> only authentication imap. The 'allow plaintext authentication' configuration
> directive appears to be global, meaning I will need to run two instances of
> dovecot for a while. Is that correct, or can this be done on a single instance
> of dovecot?
>

This is all you have to do:

protocol imap {
   ssl=required
}

See: http://wiki2.dovecot.org/SSL

Globally, you can leave disable_plaintext_auth = no, and leave protocol 
pop3 {} alone.

Your clients will be able to log in to pop3 with any authentication 
mechanism you have enabled, and imap will be accessible only with 
SSL/TLS, either over port 143 with STARTTLS or over port 993 with 
implicit SSL.

I actually took the trouble to verify this on my local server before 
posting, and it turns out the wiki didn't lie.
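
One way to check the result described above from the client side, as an added example that is not part of the original post: it reads the capability list a server sends on port 143 before TLS and reports whether LOGIN is still offered in the clear. The sample greetings are constructed, the function names are hypothetical, and the check assumes the server signals the restriction with the RFC 3501 LOGINDISABLED capability.

```python
import imaplib
import re

# Constructed sample greetings (not captured from a real server).
SAMPLE_ENFORCED = ("* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR ID ENABLE IDLE "
                   "STARTTLS LOGINDISABLED] Dovecot ready.")
SAMPLE_OPEN = ("* OK [CAPABILITY IMAP4rev1 SASL-IR ID ENABLE IDLE "
               "STARTTLS AUTH=PLAIN] Dovecot ready.")
SAMPLE_NO_TLS = "* CAPABILITY IMAP4rev1 AUTH=PLAIN"


def parse_capabilities(line):
    """Return the capability atoms from a greeting or CAPABILITY response."""
    m = re.search(r"CAPABILITY ([^\]\r\n]*)", line)
    return {atom.upper() for atom in m.group(1).split()} if m else set()


def classify_cleartext_imap(caps):
    """Classify the pre-TLS posture of a port 143 listener.

    tls-enforced           STARTTLS offered and LOGIN refused before TLS
    login-offered-in-clear STARTTLS offered but LOGIN not marked disabled
    no-starttls            the listener cannot be upgraded to TLS at all
    """
    caps = {c.upper() for c in caps}
    if "STARTTLS" not in caps:
        return "no-starttls"
    if "LOGINDISABLED" in caps:
        return "tls-enforced"
    return "login-offered-in-clear"


def probe(host, port=143):
    """Live check: imaplib stores the pre-TLS capabilities on connect."""
    conn = imaplib.IMAP4(host, port)
    try:
        return classify_cleartext_imap(conn.capabilities)
    finally:
        conn.logout()


if __name__ == "__main__":
    for sample in (SAMPLE_ENFORCED, SAMPLE_OPEN, SAMPLE_NO_TLS):
        print(classify_cleartext_imap(parse_capabilities(sample)), "<-", sample)
```

A "login-offered-in-clear" result is a prompt to test a cleartext login by hand against a throwaway account, since the capability list alone does not prove the server would accept it.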


