Charles Marcus ha scritto:
On 7/9/2009, Timo Sirainen (t...@iki.fi) wrote:
Forcing encrypted port (imaps) for everyone really doesn't add
anything in the way of overhead on modern systems, and I just don't
like the idea of unencrypted sessions, even on on 'trusted'
networks.
That's a wrong way to think about it. imaps is a legacy port that
should have died years ago. You can force encrypted sessions on imap
port just by setting disable_plaintext_auth=yes (or even more
strongly with ssl=required with v1.2+).
Hmmm... ok, I thought setting imaps was the easy way to both enable TLS
and set dovecot to listen on port 993...
So, does disable_plaintext_auth=yes automatically change the imap listen
port to 993, or would I then nees to also set 'ssl_listen: 993' (if so,
wouldn't that seeting be more appropriately named tls_listen? ;)?
No it will only disable plaintext authentications over a unsecure channel.
so if you want to force SSL/TLS you should use ssl=required as Timo said.
Thanks Timo - I do prefer to use settings that are not (or not someday
going to be) deprecated...
That's right ;-)
