15 Jan
2009
15 Jan
'09
4:36 p.m.
First you need to disable any ssl_listen in the protocol section:
protocol imap { listen = *:143 # ssl_listen = *:993 } protocol pop3 { listen = *:110 # ssl_listen = *:995 }
Then set: disable_plaintext_auth = yes
That will give you the ability for users to only log in via TLS.
This will work for plain text authentication. However, we are (partly) using GSSAPI, which is not a plain text authentication mechanism. TLS (through STARTTLS) won't be enforced in these connections.
Durk