Charles Marcus wrote:
On 7/9/2009, Timo Sirainen (tss@iki.fi) wrote:
Forcing encrypted port (imaps) for everyone really doesn't add anything in the way of overhead on modern systems, and I just don't like the idea of unencrypted sessions, even on 'trusted' networks.
That's a wrong way to think about it. imaps is a legacy port that should have died years ago. You can force encrypted sessions on imap port just by setting disable_plaintext_auth=yes (or even more strongly with ssl=required with v1.2+).
Hmmm... ok, I thought setting imaps was the easy way to both enable TLS and set dovecot to listen on port 993...
So, does disable_plaintext_auth=yes automatically change the imap listen port to 993, or would I then need to also set 'ssl_listen: 993' (if so, wouldn't that setting be more appropriately named tls_listen? ;)?
No, it will only disable plaintext authentications over an unsecure channel. So if you want to force SSL/TLS you should use ssl=required as Timo said.
Thanks Timo - I do prefer to use settings that are not (or not someday going to be) deprecated...
That's right ;-)