Hi,
On 23.09.2010 14:58, Timo Sirainen wrote:
On Thu, 2010-09-23 at 12:16 +0200, Lukas Haase wrote:
I have activated only imaps and managesieve.
As sieve is running on a different port/protocol: Can I make sure that sieve can ONLY be used with SSL/TLS?
Thank you.
First, IMAP and SMTP ports are completely blocked by the corporate firewall (it is corporate policy to not allow IMAP and SMTP - I can not do anything about this).
Second:
[...] This could be because it makes it easier to ensure that no information is leaked, because SSL/TLS handshake happens immediately. Some clients unfortunately try to do plaintext authentication without STARTTLS, even when IMAP server has told the client that it won't work [...]
This is my personal reason for preferring only IMAPS (and do not even offer IMAP).
So back to sieve: If I set disable_plaintext_auth=yes and ssl=required then nothing should change for my IMAPS port because it is TLS by definition. And for managesieve it means that it should be protected the same way IMAP with STARTTLS would be.
So a client would connect to port 2000 and LOGIN would not be advertised as long as STARTTLS is not issued. Correct?
Regards, Luke
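
One way to check the behaviour asked about above, as an added example that is not part of the original message: parse the ManageSieve capability greeting (RFC 5804 format) that the server sends before STARTTLS and flag any plaintext SASL mechanism it offers. The two greetings are constructed samples, not captured Dovecot output, and the function names are hypothetical.

```python
import re

# SASL mechanisms that send the password itself over the wire.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

# Constructed sample greetings in RFC 5804 capability format.
GREETING_WEAK = '''"IMPLEMENTATION" "example"
"SASL" "PLAIN LOGIN"
"STARTTLS"
OK "ready"
'''
GREETING_HARDENED = '''"IMPLEMENTATION" "example"
"SASL" ""
"STARTTLS"
OK "ready"
'''

def parse_capabilities(greeting):
    """Return {NAME: value} for the capability lines of a greeting."""
    caps = {}
    for line in greeting.splitlines():
        line = line.strip()
        if not line:
            continue
        if not line.startswith('"'):
            break  # OK/NO/BYE response line ends the capability list
        strings = re.findall(r'"((?:[^"\\]|\\.)*)"', line)
        caps[strings[0].upper()] = strings[1] if len(strings) > 1 else ""
    return caps

def audit_pre_tls(greeting):
    """List problems in what the server offers before TLS is negotiated."""
    caps = parse_capabilities(greeting)
    findings = []
    if "STARTTLS" not in caps:
        findings.append("STARTTLS not advertised")
    mechs = set(caps.get("SASL", "").upper().split())
    leaked = sorted(mechs & PLAINTEXT_MECHS)
    if leaked:
        findings.append("plaintext SASL before TLS: " + " ".join(leaked))
    return findings

if __name__ == "__main__":
    for name, g in (("weak", GREETING_WEAK), ("hardened", GREETING_HARDENED)):
        print(name, audit_pre_tls(g) or "ok")
```

An empty findings list only covers what is advertised; whether the server also rejects an unadvertised AUTHENTICATE before STARTTLS has to be checked separately.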