On 1/14/19 11:02 AM, Stephan Bosch wrote:
Op 14-1-2019 om 9:58 schreef Dominik Menke:
On 1/13/19 12:23 PM, Stephan Bosch wrote:
With ssl=yes, the TLS layer is enabled immediately on the connection.
Again, that's not what the documentation says:
ssl=yes [...]: SSL/TLS is offered to the client, but the client isn't required to use it.
If the client is not _required_ to use it, it _may_ chose plaintext transport, no?
(I'm not here to argue, I'm just pointing out an issue with the wiki).
Oh, I think we are talking about different things here. You're talking about the global ssl= setting. I am talking about the ssl = yes inside the service listener configuration (https://wiki.dovecot.org/Services#inet_listeners). The former specifies whether SSL is available/required for user connections in general, whereas the latter specifies whether the service activates the TLS layer immediately for that particular listener. The latter is also where you made the configuration mistake.
Oh, I see! Thanks for the clarification :-) --Dominik