[Dovecot] Using plaintext auth and SSL

Gedalya gedalya at gedalya.net
Tue Mar 20 05:42:38 EET 2012


On 03/19/2012 07:37 PM, Jeff Simmons wrote:
> On Monday, March 19, 2012 04:16:46 pm you wrote:
>> On 3/19/2012 4:04 PM, Jeff Simmons wrote:
>>> I'm working with a company that presently has a Linux mailserver which
>>> all users have (no shell) accounts on. Mail is accessed via pop3 with
>>> plaintext authentication. They want to move to a system using imap with
>>> SSL. I'm building them a new server. I'd like to offer both for a while
>>> so we can work the bugs out and migrate users over to SSL imap over
>>> time. It appears that in order to limit the imap connections to SSL I
>>> will need to run two separate instances of Dovecot. Is this correct?
>> I only have SSL or TLS connections enabled and I only have one copy of
>> Dovecot running.
> Let me rephrase that. I want to run plaintext authentication pop3 and ssl/tls
> only authentication imap. The 'allow plaintext authentication' configuration
> directive appears to be global, meaning I will need to run two instances of
> dovecot for a while. Is that correct, or can this be done on a single instance
> of dovecot?
>
Turns out you can also use the disable_plaintext_auth = yes directive 
under protocol imap {}, but as noted by others previously, this is 
related specifically to plaintext authentication methods, and is not the 
same as requiring SSL/TLS for the entire session. If my understanding is 
correct, disable_plaintext_auth means your clients can authenticate with 
non-plaintext e.g. with CRAM-MD5 and proceed with an unsecured session.



More information about the dovecot mailing list