On Wed, 2011-08-17 at 16:05 +0200, Laurent CARON wrote:
On 17/08/2011 16:00, Alexandre Chapellon wrote:
Is there any way to achieve this with dovecot? Does anybody have another idea smoothly force used to switch to TLS?
Hi,
Maybe by sending them an email with a deadline for the end of clear text auth support ?
This is the best method, give them at least 30 days notice (preferably 90 days), the notices should include a link to a kb/support site showing them how, not doing this will clog up your support lines for sure.
Send subsequent warning notices, with slightly stronger language each time, at 21 days, 14 days and 7 days, 3 days and 1 day. We did this when we cut out relaying for IP's and moved entirely to smtp auth, so its much the same thing - getting them to change settings.
A safe guard though, if you tell them, say 1st October cut off, don't actually cut off until a week or two after.
Yes, you'll still find some have not done it, but that's the nature of some people.
If they don't amend their setup they'll be unable to retrieve their emails.
Should you want to go the "nicer" way, you could throttle bandwidth to port 110/143 provided you use those for insecure connections.
That's not the right thing to do, TLS uses those ports too, it's SSL that does not, and it's pointless using other ports, you'll end up creating more problems than what it's worth.