Forcing Dovecot to use SSL

Question

I set up a mail server on an Ubuntu 11.04 distribution using the dovecot-postfix package.

sudo apt-get install dovecot-postfix

For some reason, I can't seem to disable non-SSL access through dovcecot. I have made the following edits to the configuration file in an attempt to accomplish this.

/etc/dovecot/dovecot.conf

...
protocols= imaps
...
disable_plaintext_auth = yes
...
ssl = required
ssl_cert_file = /etc/ssl/certs/dovecot.pem
ssl_key_file = /etc/ssl/private/dovecot.pem

A telnet connection to port 143, however, reveals that dovecot is still accepting non-ssl connections. Where have I gone wrong?

score 5 · Accepted Answer · answered Oct 12 '11 at 20:23

5

You should be able to establish TLS connections, which connect on Port 143 and start in plain text, even though SSL is "required". If you want to disable TLS (which is more advanced than SSL) you'll need to rewrite the software or block the port (there might also be a way to disable to port, though I can't remember).

answered Oct 12 '11 at 20:23

Chris S

77,945
11
124
216

TLS works. Securing the connection was my primary concern. – Jason George Oct 12 '11 at 20:29

Forcing Dovecot to use SSL

1 Answers1