On 10/11/20 1:52 pm, Nikolai Lusan wrote:
Greetings,On Mon, 2020-11-09 at 23:42 -0600, Raymond Herrera wrote: > For several years I have been running the following in a Linux > server. > Dovecot Version: 2.0.9 > *IMAP:* > Connection Security: SSL/TLS > Port: 993 > Authentication Method: Normal Password
> *SMTP:* > Connection Security: STARTTLS > Port: 587 > Authentication Method: Normal Password Pretty standard setup. Personally I am using Postfix for SMTP/Submission and Dovecot for IMAP - both with STARTTLS. I use a couple of MX's to actually do the initial recieving of email, so everything auth related (and adress related) is in a multi-master LDAP server on each machine. Using Dovetcot-SASL for SMTP auth too. > The E-mail client is Thunderbird on Windows. I my experience pretty much any client works with this setup.
I also use STARTTLS, though I expose that on both IMAP and IMAPS ports, which is consistent with a number of major imap providers.
Selection of ciphers is important. I researched this recently and use this stanza in the configuration
ssl = required ssl_min_protocol = TLSv1.2 ssl_cipher_list = EECDH+AESGCM:EDH+AESGCM ssl_prefer_server_ciphers = yesThe defaults in dovecot are shown commented in conf.d/10-ssl.conf. They are not best practice for security.
OpenPGP_0xFABD47B0F98E88C9.asc
Description: application/pgp-keys
OpenPGP_signature
Description: OpenPGP digital signature
