Re: [Dovecot] Enforcing STARTTLS for all mechs while disabling imaps

2009-01-15 Thread Timo Sirainen
On Thu, 2009-01-15 at 10:26 +0100, Durk Strooisma wrote:
> Hi all,
>
> Is there a way to enforce STARTTLS for all connections, regardless of their
> authentication mechanism? disable_plaintext_auth only takes care of the auth
> conversation, but I would like to have all communication encrypted.
>
>

Re: [Dovecot] Enforcing STARTTLS for all mechs while disabling imaps

2009-01-15 Thread Eric Toczek
Durk Strooisma wrote:
> This will work for plain text authentication. However, we are (partly) using
> GSSAPI, which is not a plain text authentication mechanism. TLS (through
> STARTTLS) won't be enforced in these connections.
>
Ah yeah, will not work with GSSAPI, sorry if I missed where you

Re: [Dovecot] Enforcing STARTTLS for all mechs while disabling imaps

2009-01-15 Thread Durk Strooisma
> First you need to disable any ssl_listen in the protocol section:
>
> protocol imap {
>   listen = *:143
>   # ssl_listen = *:993
> }
> protocol pop3 {
>   listen = *:110
>   #ssl_listen = *:995
> }
>
> Then set:
> disable_plaintext_auth = yes
>
> That will give you the ability for users

Re: [Dovecot] Enforcing STARTTLS for all mechs while disabling imaps

2009-01-15 Thread Eric Toczek
Durk Strooisma wrote:
>> On 1/15/2009, Durk Strooisma (d...@kern.nl) wrote:
>>
>>> As far as I can see, this would only be possible when using imaps and
>>> disabling imap. However, I would like to have the other way around;
>>> disabling imaps and using imap for all communication (with enforc

Re: [Dovecot] Enforcing STARTTLS for all mechs while disabling imaps

2009-01-15 Thread Durk Strooisma
> On 1/15/2009, Durk Strooisma (d...@kern.nl) wrote:
>> As far as I can see, this would only be possible when using imaps and
>> disabling imap. However, I would like to have the other way around;
>> disabling imaps and using imap for all communication (with enforced
>> STARTTLS).
>> Am I missing s

Re: [Dovecot] Enforcing STARTTLS for all mechs while disabling imaps

2009-01-15 Thread Charles Marcus
On 1/15/2009, Durk Strooisma (d...@kern.nl) wrote:
> As far as I can see, this would only be possible when using imaps and
> disabling imap. However, I would like to have the other way around;
> disabling imaps and using imap for all communication (with enforced
> STARTTLS).
> Am I missing somethin

[Dovecot] Enforcing STARTTLS for all mechs while disabling imaps

2009-01-15 Thread Durk Strooisma
Hi all,

Is there a way to enforce STARTTLS for all connections, regardless of their authentication mechanism? disable_plaintext_auth only takes care of the auth conversation, but I would like to have all communication encrypted.

As far as I can see, this would only be possible when using imaps and d