pop 110/995, imap 143/993 ?

Peter peter at pajamian.dhs.org
Tue Aug 22 23:27:10 EEST 2017


On 22/08/17 18:24, Aki Tuomi wrote:
> Dovecot, by default, requires STARTTLS before accepting plaintext
> authentication when SSL is configured and you are not connecting from
> localhost. You can verify this by telnetting to port 143 from somewhere
> else (NOT LOCALHOST) and you can see it says LOGINDISABLED unless you
> have enabled something like cram-md5.
> 
> I think postfix, by default, will also prevent authentication without
> transport security.

No:
$ postconf -d smtpd_tls_auth_only
smtpd_tls_auth_only = no

The commented submission service in master.cf contains it, though, so if
you uncomment the service as a whole it will be set:
#  -o smtpd_tls_auth_only=yes

> Also, you should probably using 587/tcp (submission) for sending mail,
> instead of 25. Some reputable ISPs prevent connecting to random MX
> servers to port 25 to make life harder for spambots.

Right, you should never use port 25 for submission, for several reasons.


Peter


More information about the dovecot mailing list