On 10/11/20 1:52 pm, Nikolai Lusan wrote:
Greetings,
On Mon, 2020-11-09 at 23:42 -0600, Raymond Herrera wrote:
For several years I have been running the following in a Linux server.
Dovecot Version: 2.0.9
*IMAP:* Connection Security: SSL/TLS Port: 993 Authentication Method: Normal Password
*SMTP:* Connection Security: STARTTLS Port: 587 Authentication Method: Normal Password
Pretty standard setup.
Personally I am using Postfix for SMTP/Submission and Dovecot for IMAP
- both with STARTTLS. I use a couple of MX's to actually do the initial recieving of email, so everything auth related (and adress related) is in a multi-master LDAP server on each machine. Using Dovetcot-SASL for SMTP auth too.
The E-mail client is Thunderbird on Windows.
I my experience pretty much any client works with this setup.
I also use STARTTLS, though I expose that on both IMAP and IMAPS ports, which is consistent with a number of major imap providers.
Selection of ciphers is important. I researched this recently and use this stanza in the configuration
ssl = required ssl_min_protocol = TLSv1.2 ssl_cipher_list = EECDH+AESGCM:EDH+AESGCM ssl_prefer_server_ciphers = yes
The defaults in dovecot are shown commented in conf.d/10-ssl.conf. They are not best practice for security.