[Dovecot] Enforcing STARTTLS for all mechs while disabling imaps

Durk Strooisma durk at kern.nl
Thu Jan 15 16:36:24 EET 2009


> First you need to disable any ssl_listen in the protocol section:
>
> protocol imap {
>     listen = *:143
> #     ssl_listen = *:993
> }
> protocol pop3 {
>     listen = *:110
> #    ssl_listen = *:995
> }
>
> Then set:
> disable_plaintext_auth = yes
>
> That will give you the ability for users to only log in via TLS.

This will work for plain text authentication. However, we are (partly) using
GSSAPI, which is not a plain text authentication mechanism. TLS (through
STARTTLS) won't be enforced in these connections.

Durk




More information about the dovecot mailing list