On November 14, 2018 at 12:46 PM "A. Schulze" sca@andreasschulze.de wrote:
> I stumbled upon RFC 8314 *) and I found it a welcome option to enforce more modern protocols/ciphers. IMAPS/SUBMISSIONS aren't used widely (at least to my knowledge, many postmasters used to configure IMAP+SUBMISSION and STARTTLS)
"IMAPS" has been used forever. Every installation I can think of supports 993.
Same with submission. 465/587 has been a standard port for a while now.
In fact, these are the only ports someone like a Google will allow you to connect to. https://support.google.com/mail/answer/7126229?hl=en
> Switching clients to completely new ports is a chance to separate and dry out legacy MUAs
There is no switch to do. These ports are well-known and well used.
> I just tried this but that's not valid syntax though:
> service imap-login {
>   inet_listener imap {
>     port = 143
>     # using default protocols and ciphers...
>   }
>   inet_listener imaps {
>     port = 993
>     ssl_protocols = TLSv1.2 TLSv1.3
>     ssl_cipher_list = ...
>   }
> }
> Postfix lets me easily define different TLS protocols on different ports. For that it would be cool if Dovecot could assist on such migrations, too.
> Andreas
> *) see https://tools.ietf.org/html/rfc8314 as well as the draft https://tools.ietf.org/html/draft-lvelvindron-tls-for-email-02 to deprecate TLSv1.1