On 03/19/2012 07:37 PM, Jeff Simmons wrote:
On 3/19/2012 4:04 PM, Jeff Simmons wrote:
I'm working with a company that presently has a Linux mailserver which all users have (no shell) accounts on. Mail is accessed via pop3 with plaintext authentication. They want to move to a system using imap with SSL. I'm building them a new server. I'd like to offer both for a while so we can work the bugs out and migrate users over to SSL imap over time. It appears that in order to limit the imap connections to SSL I will need to run two separate instances of Dovecot. Is this correct?

On Monday, March 19, 2012 04:16:46 pm you wrote:
I only have SSL or TLS connections enabled and I only have one copy of Dovecot running.

Let me rephrase that. I want to run plaintext authentication pop3 and ssl/tls only authentication imap. The 'allow plaintext authentication' configuration directive appears to be global, meaning I will need to run two instances of dovecot for a while. Is that correct, or can this be done on a single instance of dovecot?
This is all you have to do:
protocol imap {
  ssl=required
}
See: http://wiki2.dovecot.org/SSL
Globally, you can leave disable_plaintext_auth = no, and leave protocol pop3 {} alone.
Your clients will be able to log in to pop3 with any authentication mechanism you have enabled, and imap will be accessible only with SSL/TLS, either over port 143 with STARTTLS or over port 993 with implicit SSL.
I actually took the trouble to verify this on my local server before posting, and it turns out the wiki didn't lie.
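Added example, not part of the original message or of Dovecot itself: a small audit that reads a dovecot.conf-style text and reports, per protocol, whether a client can still authenticate in cleartext during a migration like the one discussed. The parser is a simplification (only `key = value` lines and single-level `protocol name { }` blocks), the sample configuration is constructed from the settings named in the reply, and the fallback defaults are assumed Dovecot 2.x defaults.

```python
import re

# Constructed sample: the settings described in the reply, in dovecot.conf syntax.
SAMPLE_CONF = """
# global defaults
ssl = yes
disable_plaintext_auth = no

protocol imap {
  ssl = required
}
protocol pop3 {
}
"""

def effective_settings(conf_text, protocols=("imap", "pop3")):
    """Return {protocol: {setting: value}}; protocol blocks override globals."""
    global_set, per_proto, current = {}, {p: {} for p in protocols}, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments (simplified)
        if not line:
            continue
        m = re.match(r"protocol\s+(\w+)\s*\{$", line)
        if m:
            current = m.group(1)              # entering a protocol block
            per_proto.setdefault(current, {})
        elif line == "}":
            current = None                    # back to global scope
        elif "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            (per_proto[current] if current else global_set)[key] = value
    return {p: {**global_set, **s} for p, s in per_proto.items()}

def cleartext_login_possible(settings):
    """True if a plaintext mechanism is accepted without SSL/TLS."""
    # Assumed defaults when a setting is absent: ssl=yes, disable_plaintext_auth=yes.
    if settings.get("ssl", "yes") == "required":
        return False
    return settings.get("disable_plaintext_auth", "yes") != "yes"

def audit(conf_text):
    """Map each protocol to whether cleartext logins are still possible."""
    return {p: cleartext_login_possible(s)
            for p, s in effective_settings(conf_text).items()}

if __name__ == "__main__":
    for proto, exposed in audit(SAMPLE_CONF).items():
        print(f"{proto}: {'cleartext login allowed' if exposed else 'SSL/TLS required'}")
```

Running it against the real output of `doveconf -n` during the migration shows when pop3 is the only protocol left accepting cleartext logins.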