[Dovecot] SSL with startssl.com certificates

Dan Langille dan at langille.org
Mon Sep 16 17:48:18 EEST 2013

On Sep 16, 2013, at 10:21 AM, Reindl Harald wrote:

> Am 16.09.2013 16:10, schrieb Dan Langille:
>>> Have you/they tried simply using TLS on 143?  (preferred as POP3s/IMAPs
>>> has really be deprecated everywhere for some time now)
>> For this test, I reconfigured the server to NOT use IMAPS and restarted it.  Then I went 
>> to my iPhone and turned off SSL for this mail account.
>> That configuration works for my iPhone.
>> Looking via tcpdump, I can see that emails are indeed being downloaded in clear text
> you need to understand the difference between IMAPS/POP3S on the dedicated
> 9xx ports versus STARTLS on 143/110

I believe I do understand.  

> http://en.wikipedia.org/wiki/STARTTLS

Yes, that's what I those STARTTLS was.

> if you turn off SSL it is turned off
> on sane clients like thunderbird you can switch between cleartext/STARTTLS and SSL

So far, with all we've tried, the only secure option appears to be self signed certificates.

Dan Langille - http://langille.org

More information about the dovecot mailing list