On 22/4/22 7:50 am, Jeremy Ardley wrote:
On 22/4/22 7:44 am, al...@coakmail.com wrote:
> Probably a bad idea. Many clients use STARTTLS on port 143 rather than TLS on port 993.
>
> On 22/4/22 7:25 am, al...@coakmail.com wrote:
>> Thanks. I will give it a try. After enabling SSL, can I disable port 143 entirely?
I forgot to mention that in /etc/dovecot/dovecot.conf you don't need to specify imaps. Dovecot automatically listens on ports 993 and 143 when ssl is specified and applies the ssl directive as indicated.
#global
# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
ssl = required
ssl_min_protocol = TLSv1.2
ssl_cipher_list = EECDH+AESGCM:EDH+AESGCM
ssl_prefer_server_ciphers = yes
ssl_cert = </etc/letsencrypt/live/mail.example.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/mail.example.com/privkey.pem

protocols = imap lmtp sieve

#specific domain override
local mail.example.com {
  protocol imap {
    ssl_cert = </etc/letsencrypt/live/special.example.com/fullchain.pem
    ssl_key = </etc/letsencrypt/live/special.example.com/privkey.pem
  }
}

It is possible to generate a wildcard Let's Encrypt certificate (*.example.com), but the process is tricky and has unexpected side-effects, such as typo.example.com resolving to example.com in DNS.
-- Jeremy
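The posture the quoted config is meant to produce (STARTTLS offered on 143 with plaintext logins disabled, implicit TLS on 993, nothing below TLS 1.2, a valid Let's Encrypt chain) can be verified from the client side rather than assumed. The script below is an added example, not code from Jeremy's message or from Dovecot; the host name mail.example.com is a placeholder and the CAPABILITY lists used in the comments are constructed. It uses only the standard-library imaplib and ssl modules.

```python
"""Probe an IMAP server for the posture a `ssl = required` Dovecot config should give:
STARTTLS on 143 with LOGINDISABLED, implicit TLS on 993, and TLS >= 1.2 on both.
Added example, not part of the original thread; host name and sample capability
lists are constructed/hypothetical.
"""
import imaplib
import ssl

# Mirrors `ssl_min_protocol = TLSv1.2` from the quoted config.
TLS_FLOOR = ("TLSv1.2", "TLSv1.3")


def assess_pre_tls_capabilities(caps):
    """Evaluate the CAPABILITY list a server sends on port 143 *before* TLS.

    With `ssl = required`, Dovecot offers STARTTLS and advertises LOGINDISABLED
    with no AUTH= mechanisms on the plaintext connection, so a client that
    ignores STARTTLS still cannot leak credentials. Constructed input example:
    ["IMAP4rev1", "STARTTLS", "LOGINDISABLED"] is the good case.
    """
    caps = {c.upper() for c in caps}
    return {
        "starttls_offered": "STARTTLS" in caps,
        "plaintext_login_blocked": "LOGINDISABLED" in caps,
        "plaintext_auth_mechs": sorted(c[len("AUTH="):] for c in caps if c.startswith("AUTH=")),
    }


def pre_tls_posture_ok(findings):
    """True only if credentials can never be sent before TLS is negotiated."""
    return (findings["starttls_offered"]
            and findings["plaintext_login_blocked"]
            and not findings["plaintext_auth_mechs"])


def tls_version_ok(version):
    """True if the negotiated protocol (e.g. 'TLSv1.3' from SSLSocket.version()) meets the floor."""
    return version in TLS_FLOOR


def make_context():
    # Default context verifies the chain against system roots and checks the
    # hostname; the minimum version enforces the same floor as the server config.
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def _close(conn):
    try:
        conn.logout()
    except Exception:  # socket may already be dead after a failed handshake
        conn.shutdown()


def check_starttls(host, port=143, timeout=10):
    """Connect in the clear, record pre-TLS capabilities, then upgrade via STARTTLS."""
    conn = imaplib.IMAP4(host, port, timeout=timeout)
    try:
        findings = assess_pre_tls_capabilities(conn.capabilities)
        conn.starttls(make_context())  # fails if the cert does not match `host`
        findings["tls_version"] = conn.sock.version()
    finally:
        _close(conn)
    return findings


def check_implicit_tls(host, port=993, timeout=10):
    """Connect with TLS from the first byte (the 'imaps' path on 993)."""
    conn = imaplib.IMAP4_SSL(host, port, ssl_context=make_context(), timeout=timeout)
    try:
        subject = dict(rdn[0] for rdn in conn.sock.getpeercert()["subject"])
        return {"tls_version": conn.sock.version(), "subject": subject}
    finally:
        _close(conn)


if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "mail.example.com"  # hypothetical host
    s = check_starttls(host)
    print("143:", s, "OK" if pre_tls_posture_ok(s) and tls_version_ok(s["tls_version"]) else "WEAK")
    i = check_implicit_tls(host)
    print("993:", i, "OK" if tls_version_ok(i["tls_version"]) else "WEAK")
```

Run it as `python3 probe.py mail.example.com`. A server that lists AUTH=PLAIN or omits LOGINDISABLED on the plaintext 143 banner is one where a misconfigured client can send a password in the clear, which is the reason for keeping 143 open only with `ssl = required` rather than closing it.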