On 03/19/2012 07:37 PM, Jeff Simmons wrote:
> On Monday, March 19, 2012 04:16:46 pm you wrote:
>> On 3/19/2012 4:04 PM, Jeff Simmons wrote:
>>> I'm working with a company that presently has a Linux mailserver which
>>> all users have (no shell) accounts on. Mail is accessed via pop3 with
>>> plaintext authentication. They want to move to a system using imap with
>>> SSL. I'm building them a new server. I'd like to offer both for a while
>>> so we can work the bugs out and migrate users over to SSL imap over
>>> time. It appears that in order to limit the imap connections to SSL I
>>> will need to run two separate instances of Dovecot. Is this correct?
>> I only have SSL or TLS connections enabled and I only have one copy of
>> Dovecot running.
> Let me rephrase that. I want to run plaintext authentication pop3 and ssl/tls
> only authentication imap. The 'allow plaintext authentication' configuration
> directive appears to be global, meaning I will need to run two instances of
> dovecot for a while. Is that correct, or can this be done on a single instance
> of dovecot?


This is all you have to do:

protocol imap {
  ssl=required
}

See: http://wiki2.dovecot.org/SSL

Globally, you can leave disable_plaintext_auth = no, and leave protocol pop3 {} alone.

Your clients will be able to log in to pop3 with any authentication mechanism you have enabled, and imap will be accessible only with SSL/TLS, either over port 143 with STARTTLS or over port 993 with implicit SSL.

I actually took the trouble to verify this on my local server before posting, and it turns out the wiki didn't lie.
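
The scoping the reply relies on, as an added example that is not part of the original thread: a simplified Python model of how a `protocol imap {}` block overrides the global `ssl` and `disable_plaintext_auth` values, reporting which protocols would still accept a password over an unencrypted connection. The function names and the sample configuration are constructed for illustration; the parser handles only `key = value` lines and brace blocks, not includes, and ignores Dovecot's exemption for local connections.

```python
# Built-in Dovecot 2.x defaults for the two settings discussed in the thread.
DEFAULTS = {"ssl": "yes", "disable_plaintext_auth": "yes"}

# Constructed sample mirroring the reply; not taken from a real server.
SAMPLE_CONF = """\
protocols = imap pop3
disable_plaintext_auth = no   # global: POP3 keeps plaintext logins
ssl = yes
protocol imap {
  ssl=required
}
"""

def effective_settings(conf_text):
    """Return {protocol: settings} with protocol {} overrides applied."""
    global_set, per_proto, stack = dict(DEFAULTS), {}, []
    protocols = ["imap", "pop3"]  # assumption: the two protocols in the thread
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.endswith("{"):
            stack.append(line[:-1].split())       # e.g. ["protocol", "imap"]
        elif line == "}":
            if stack:
                stack.pop()
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if not stack:
                scope = global_set
            elif len(stack) == 1 and len(stack[0]) == 2 and stack[0][0] == "protocol":
                scope = per_proto.setdefault(stack[0][1], {})
            else:
                continue  # e.g. ssl inside inet_listener {} is a different setting
            if key == "protocols" and scope is global_set:
                protocols = value.split()
            elif key in DEFAULTS:
                scope[key] = value
    return {p: {**global_set, **per_proto.get(p, {})} for p in protocols}

def cleartext_login_allowed(settings):
    """True if a plaintext password may be sent before TLS is negotiated."""
    if settings["ssl"] == "required":
        return False  # authentication before SSL/TLS is refused outright
    return settings["disable_plaintext_auth"] == "no"

def audit(conf_text):
    return {p: cleartext_login_allowed(s)
            for p, s in effective_settings(conf_text).items()}

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

Running the same audit on the output of `doveconf -n` during the migration shows when POP3 is the only protocol left that accepts cleartext logins.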
