I thought you could specify ssl to be wanted but not required, but I might be thinking on client side. Sent via iPhone

-----Original Message----- From: "Voytek Eymont" voytek@sbt.net.au Sender: dovecot-bounces@dovecot.orgDate: Mon, 3 Sep 2012 08:31:11 To: dovecot@dovecot.org Subject: Re: [Dovecot] Disable security for testing?

On Mon, September 3, 2012 7:22 am, Benny Pedersen wrote:

Den 2012-08-24 07:18, Voytek Eymont skrev:

...

I want to offer 'plain' unsecure pop/imap access, just for temp. testing purpose, do I simply comment out ssl = required

plain is not related to ssl enabled, here i have disabled pop3 imap, so now here i only supports ssl / tls connections

better set listen to localhost or another rfc1918 ip

Benny,

thanks, I think I'm using incorrect terminology, I'm sorry, basically, I wanted to temporarily remove the Dovecot default requirement for pop and imap access to be secure/encrypted (I have some mail clients from 'old' server attempting to access email on new server, and failing due to only-encrypted access on new server)

and, yes, by commenting out " ssl = required" it allowed the 'not properly configured for new server' client to access

-- Voytek

Den 2012-09-03 00:38, Mauricio skrev:

I thought you could specify ssl to be wanted but not required, but I might be thinking on client side.

the point is ?

Sent via iPhone

i dont have a iphone, but my custommers do say its working with ssl/tls and my own dovecot does not listen on port 110/143 anymore

Den 2012-09-03 01:32, Reindl Harald skrev:

STARTTLS is 110/143 per definition!

EOD

but hey, for you this is EOD because you know it better

SMTP STARTTLS: 587 SMTP over SSL: 465 POP3 STARTTLS: 110 POP3 over SSL: 995 IMAP STARTTLS: 143 IMAP over SSL: 993

in my limited experience, when I tried to set Outlook Express clients with my Dovecot 2, I couldn't get to do ssl/tls on port 110, only on 995; (I think..? I struck same with IMAP, couldn't get ssl/tls on 143, but, got it on 993)

question: is it because Outlook Express does SSL only, but not TLS? (or is it simply because it's crappy application ?)

thanks, enquiring minds need to know,

-- Voytek

On Mon, 3 Sep 2012 20:15:27 +1000 "Voytek Eymont" voytek@sbt.net.au wrote:

in my limited experience, when I tried to set Outlook Express clients with my Dovecot 2, I couldn't get to do ssl/tls on port 110, only on 995; (I think..? I struck same with IMAP, couldn't get ssl/tls on 143, but, got it on 993)

question: is it because Outlook Express does SSL only, but not TLS? (or is it simply because it's crappy application ?)

The ports 143 and 993 are used in different way when you want to have TLS. In case of 143, you begin the communication in unencrypted mode, then tell the server that you want to initiate a TLS handshake (you literally send a STARTTLS string to it). After that both client and server start negotiating the TLS connection (and hopefully they manage to do it :).

With the port 993 the expected/standard behavior is that you begin the TLS handshake right upon establishing the connection. Normally the servers will not accept any unencrypted IMAP command on it (in other words, you don't send STARTTLS to the server, the server expects you to start the handshake right away).

Similar concept is implemented for POP3, SMTP, LDAP, XMPP, and many others...

Btw, SSL and TLS are kind of the same things (or to be more precise when people are talking about it they refer to the same thing, unless they're crypto techies which are using the terminology correctly :)

Best regards

P.S. It's quite probably a crappy application as well :)

-- Branko Majic Jabber: branko@majic.rs Please use only Free formats when sending attachments to me.

Бранко Мајић Џабер: branko@majic.rs Молим вас да додатке шаљете искључиво у слободним форматима.