Hello,
Before I get into my question: is SSL on port 993 or STARTTLS on port 143 better from a security perspective?
I've noticed that I've got a Dovecot listener on port 993; my doveconf -n output is below. I don't have an imaps listener uncommented. Should I uncomment it and set its port to 0? Will that disable the 993 listener? Thanks. Dave.
# 2.3.10 (0da0eff44): /usr/local/etc/dovecot/dovecot.conf # Pigeonhole version 0.5.10 (bf8ef1c2) # OS: FreeBSD 12.1-RELEASE-p2 amd64 # Hostname: hostname.example.com auth_cache_size = 10 M auth_default_realm = example.com auth_mechanisms = plain login auth_realms = example.com dict { lastlogin = mysql:/usr/local/etc/dovecot/dovecot-last-login.conf } first_valid_gid = 2100 first_valid_uid = 2100 hostname = hostname.example.com imap_client_workarounds = delay-newhostname tb-extra-hostnamebox-sep tb-lsub-flags imap_idle_notify_interval = 1 mins last_valid_gid = 2100 last_valid_uid = 2100 lda_hostnamebox_autocreate = yes lda_hostnamebox_autosubscribe = yes lda_original_recipient_header = X-Original-To listen = xxx.xxx.xxx.xxx lmtp_rcpt_check_quota = yes log_timestamp = "%Y-%m-%d %H:%M:%S " hostname_access_groups = vhostname hostname_fsync = never hostname_gid = vhostname hostname_home = /var/vhostname/hostnameboxes/%d/%n hostname_location = dbox:~/hostname hostname_plugins = acl fts fts_lucene mail_log notify quota trash virtual welcome zlib mail_crypt hostname_privileged_group = vhostname hostname_server_admin = hostnameto:postmaster@example.com hostname_uid = vhostname managesieve_notify_capability = hostnameto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment hostnamebox date index ihave duplicate mime foreverypart extracttext spamtest spamtestplus virustest editheader imapflags notify imapsieve vnd.dovecot.imapsieve namespace { location = sdbox:/var/vhostname/public/:CONTROL=~/hostname/public:INDEX=~/hostname/public prefix = Public/ separator = / subscriptions = yes type = public } namespace { hidden = no list = yes location = hostnamedir:/var/vhostname/shared/office/.hostnamedir:CONTROL=~/.hostnamedir/control/office:INDEX=~/.hostnamedir/index/office prefix = shared/%%u/ separator = / subscriptions = yes type = shared } 
namespace inbox { inbox = yes location = hostnamebox Drafts { auto = subscribe special_use = \Drafts } hostnamebox Sent { auto = subscribe special_use = \Sent } hostnamebox Spam { auto = subscribe autoexpunge = 30 days special_use = \Junk } hostnamebox Trash { auto = subscribe autoexpunge = 30 days special_use = \Trash } prefix = separator = / type = private } passdb { args = /usr/local/etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { acl = vfile:/usr/local/etc/dovecot/global-acls:cache_secs=300 fts = lucene fts_autoindex = yes fts_autoindex_exclude = \Junk fts_autoindex_exclude2 = \Trash fts_autoindex_exclude3 = \Spam fts_autoindex_max_recent_msgs = 80 fts_index_timeout = 90 fts_lucene = whitespace_chars=@. normalize no_snowball imapsieve_hostnamebox1_before = file:/var/vhostname/sieve/global/learn-spam.sieve imapsieve_hostnamebox1_causes = COPY imapsieve_hostnamebox1_name = Spam imapsieve_hostnamebox2_before = file:/var/vhostname/sieve/global/learn-ham.sieve imapsieve_hostnamebox2_causes = COPY imapsieve_hostnamebox2_from = Spam imapsieve_hostnamebox2_name = * last_login_dict = proxy::lastlogin last_login_key = # hidden, use -P to show it hostname_crypt_curve = prime256v1 hostname_crypt_global_private_key = # hidden, use -P to show it hostname_crypt_global_public_key = # hidden, use -P to show it hostname_crypt_save_version = 2 hostname_log_events = delete undelete expunge copy hostnamebox_delete hostnamebox_rename hostname_log_fields = uid box msgid size quota = count:User quota quota_exceeded_message = Storage quota for this account has been exceeded, please try again later. 
quota_grace = 10%% quota_rule2 = Trash:ignore quota_status_nouser = DUNNO quota_status_overquota = 552 5.2.2 hostnamebox is full quota_status_success = DUNNO quota_vsizes = true quota_warning = storage=100%% quota-exceeded 100 %u quota_warning2 = storage=95%% quota-warning 95 %u quota_warning3 = storage=90%% quota-warning 90 %u quota_warning4 = storage=85%% quota-warning 85 %u quota_warning5 = storage=75%% quota-warning 75 %u sieve = file:/var/vhostname/sieve/%d/%n/scripts;active=/var/vhostname/sieve/%d/%n/active-script.sieve sieve_before = /var/vhostname/sieve/global/spam-global.sieve sieve_extensions = +notify +imapflags +spamtest +spamtestplus +virustest +editheader sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.execute +vnd.dovecot.environment sieve_max_redirects = 30 sieve_max_script_size = 1M sieve_pipe_bin_dir = /usr/bin sieve_plugins = sieve_imapsieve sieve_extprograms sieve_spamtest_max_header = X-Spamd-Result: default: [[:alnum:]]+ \[-?[[:digit:]]+\.[[:digit:]]+ / (-?[[:digit:]]+\.[[:digit:]]+)\] sieve_spamtest_status_header = X-Spamd-Result: default: [[:alnum:]]+ \[(-?[[:digit:]]+\.[[:digit:]]+) / -?[[:digit:]]+\.[[:digit:]]+\] sieve_spamtest_status_type = score sieve_user_log = /var/vhostname/sieve/sieve_error.log sieve_virustest_status_header = X-Virus-Scan: Found to be (.+)\. 
sieve_virustest_status_type = text sieve_virustest_text_value1 = clean sieve_virustest_text_value5 = infected trash = /usr/local/etc/dovecot/trash.conf welcome_script = welcome %n postmaster@%d welcome_wait = yes } postmaster_address = postmaster@example.com protocols = imap lmtp sieve sendhostname_path = /usr/local/sbin/sendhostname service auth-worker { user = vhostname } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vhostname mode = 0666 user = vhostname } } service dict { unix_listener dict { mode = 0600 user = vhostname } user = root } service imap-login { inet_listener imap { port = 143 } process_min_avail = 1 } service imap { executable = imap } service lmtp { executable = lmtp unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0660 user = postfix } } service managesieve-login { inet_listener sieve { address = 172.16.21.3 port = 4190 } } service quota-status { client_limit = 1 executable = quota-status -p postfix unix_listener /var/spool/postfix/private/dovecot-quota { group = postfix mode = 0660 user = postfix } } service quota-warning { executable = script /usr/local/etc/dovecot/quota-warning.sh unix_listener quota-warning { group = vhostname mode = 0660 user = vhostname } user = vhostname } service stats { unix_listener stats-reader { group = vhostname mode = 0660 user = vhostname } unix_listener stats-writer { group = vhostname mode = 0660 user = vhostname } } service welcome { executable = script /usr/local/etc/dovecot/welcome.sh unix_listener welcome { user = vhostname } user = vhostname } ssl = required ssl_cert = </usr/local/etc/ssl/acme.sh/example.com/fullchain.crt ssl_cipher_list = EECDH+AESGCM:EDH+AESGCM ssl_curve_list = P-256 ssl_dh = # hidden, use -P to show it ssl_key = # hidden, use -P to show it ssl_min_protocol = TLSv1.2 ssl_options = no_ticket ssl_prefer_server_ciphers = yes userdb { args = 
/usr/local/etc/dovecot/dovecot-sql.conf.ext driver = sql } protocol lmtp { hostname_fsync = optimized hostname_plugins = acl fts fts_lucene hostname_log notify quota trash virtual welcome zlib hostname_crypt sieve } protocol lda { hostname_fsync = optimized hostname_plugins = acl fts fts_lucene hostname_log notify quota trash virtual welcome zlib hostname_crypt sieve } protocol imap { hostname_max_userip_connections = 20 hostname_plugins = acl fts fts_lucene hostname_log notify quota trash virtual welcome zlib hostname_crypt imap_acl imap_quota imap_sieve imap_zlib last_login quota welcome } protocol sieve { info_log_path = /var/log/dovecot/dovecot-sieve.log log_path = /var/log/dovecot/dovecot-sieve-errors.log }