[Dovecot] Enforcing STARTTLS for all mechs while disabling imaps
Eric Toczek
eric at flerd.com
Thu Jan 15 15:56:33 EET 2009
Durk Strooisma wrote:
>> On 1/15/2009, Durk Strooisma (durk at kern.nl) wrote:
>>
>>> As far as I can see, this would only be possible when using imaps and
>>> disabling imap. However, I would like to have the other way around;
>>> disabling imaps and using imap for all communication (with enforced
>>> STARTTLS).
>>> Am I missing something?
> I've tried to enforce STARTTLS for any possible connection, to avoid using
> tunneling, but I couldn't find an option to do so.
>
>
First you need to disable any ssl_listen in the protocol section:
protocol imap {
listen = *:143
# ssl_listen = *:993
}
protocol pop3 {
listen = *:110
# ssl_listen = *:995
}
Then set:
disable_plaintext_auth = yes
That will give you the ability for users to only log in via TLS.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
Url : http://dovecot.org/pipermail/dovecot/attachments/20090115/177e7290/attachment.bin
More information about the dovecot
mailing list