On Tue, 2009-01-06 at 14:59 +0100, Ed Schouten wrote:
I've happily been using Dovecot for a couple of years now, but only a couple of days ago I configured it to speak both TLS and SSL for both POP3 and IMAP. Ideally I want users to use TLS, but I've enabled SSL, because some mailers (at least Apple Mail on OS X Tiger) don't support TLS.
BTW. Your TLS/SSL term usage isn't correct. http://wiki.dovecot.org/SSL
I already asked on IRC whether this was possible, because I was unable to find this on the Wiki. It turns out there is a configuration switch called `disable_plaintext_auth', but looking at the description this only prevents people from using plain-text username/password authentication. It does not actually enforce TLS or SSL.
My question: is there support to enforce TLS when people connect to non-SSL ports? If someone comes up with a solution, I'll add it to the SSL article on the Wiki.
Have you enabled non-plaintext authentication? If not, then disable_plaintext_auth practically does what you want, because you can't authenticate without SSL/TLS.