[Dovecot] SSL / TLS

Federico Nicolelli federico.nicolelli at iscsi.it
Thu Jul 9 18:56:37 EEST 2009


Charles Marcus wrote:
> On 7/9/2009, Timo Sirainen (tss at iki.fi) wrote:
>>> Forcing encrypted port (imaps) for everyone really doesn't add
>>> anything in the way of overhead on modern systems, and I just don't
>>> like the idea of unencrypted sessions, even on 'trusted'
>>> networks.
> 
>> That's a wrong way to think about it. imaps is a legacy port that
>> should have died years ago. You can force encrypted sessions on imap
>> port just by setting disable_plaintext_auth=yes (or even more
>> strongly with ssl=required with v1.2+).
> 
> Hmmm... ok, I thought setting imaps was the easy way to both enable TLS
> and set dovecot to listen on port 993...
> 
> So, does disable_plaintext_auth=yes automatically change the imap listen
> port to 993, or would I then need to also set 'ssl_listen: 993' (if so,
> wouldn't that setting be more appropriately named tls_listen? ;)?
> 

No, it will only disable plaintext authentication over an unsecure channel.
So if you want to force SSL/TLS you should use ssl=required as Timo said.

> Thanks Timo - I do prefer to use settings that are not (or not someday
> going to be) deprecated...
> 

That's right ;-)
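
An added example, not part of the original post: with disable_plaintext_auth=yes, a server on the plain imap port advertises the LOGINDISABLED capability (RFC 2595) before STARTTLS, so the setting can be checked from the capability line. The greetings below are constructed samples and the function names are hypothetical; the check covers what the server advertises, not whether ssl=required is enforced.

```python
import re

# SASL mechanisms that send the password itself (only base64-encoded).
PLAINTEXT_SASL = {"PLAIN", "LOGIN"}


def parse_capabilities(line: str) -> set[str]:
    """Extract atoms from '* CAPABILITY ...' or '* OK [CAPABILITY ...] text'."""
    m = re.search(r"\[CAPABILITY ([^\]]*)\]", line, re.I) or re.match(
        r"\*\s+CAPABILITY\s+(.*)", line.strip(), re.I
    )
    if not m:
        raise ValueError("no CAPABILITY data in line")
    return {atom.upper() for atom in m.group(1).split()}


def audit_cleartext_capabilities(line: str) -> list[str]:
    """Findings for capabilities seen on the imap port before STARTTLS."""
    caps = parse_capabilities(line)
    findings = []
    if "STARTTLS" not in caps:
        findings.append("STARTTLS not offered: session cannot be upgraded")
    if "LOGINDISABLED" not in caps:
        findings.append("LOGINDISABLED missing: LOGIN accepted in cleartext")
    exposed = sorted(
        c[5:] for c in caps if c.startswith("AUTH=") and c[5:] in PLAINTEXT_SASL
    )
    if exposed:
        findings.append("plaintext SASL offered in cleartext: " + ", ".join(exposed))
    return findings


# Constructed sample lines, as a client would see them before STARTTLS.
SAMPLES = {
    "permissive": "* OK [CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN AUTH=LOGIN] ready.",
    "hardened": "* CAPABILITY IMAP4rev1 LITERAL+ STARTTLS LOGINDISABLED",
    "no_tls": "* CAPABILITY IMAP4rev1 AUTH=PLAIN",
}

if __name__ == "__main__":
    for name, line in SAMPLES.items():
        print(name, audit_cleartext_capabilities(line) or "ok")
```
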


