Hello, I was wondering if dovecot could help me in my project to smoothly make all my users switch to TLS encrypted POP / IMAP sessions and forget about cleartext. My first idea was to setup dovecot as a POP/IMAP proxy for my mailhosts and ask dovecot to display a warning message or slowdown non TLS sessions. Is there any way to achieve this with dovecot? Does anybody have another idea smoothly force used to switch to TLS? Regards. -- <http://www.horoa.net> -------------- next part -------------- A non-text attachment was scrubbed... Name: horoa_sig.png Type: image/png Size: 6693 bytes Desc: not available URL: <http://dovecot.org/pipermail/dovecot/attachments/20110817/3926597c/attachment-0002.png> -------------- next part -------------- A non-text attachment was scrubbed... Name: a_chapellon.vcf Type: text/x-vcard Size: 373 bytes Desc: not available URL: <http://dovecot.org/pipermail/dovecot/attachments/20110817/3926597c/attachment-0002.vcf>
Hello, I was wondering if dovecot could help me in my project to smoothly make all my users switch to TLS encrypted POP / IMAP sessions and forget about cleartext. My first idea was to setup dovecot as a POP/IMAP proxy for my mailhosts and ask dovecot to display a warning message or slowdown non TLS sessions. Is there any way to achieve this with dovecot? Does anybody have another idea smoothly force used to switch to TLS? Regards. P.S: double posted because previous was HTML and I've seen some MUA fails to display it properly... sorry will only send raw text now. -------------- next part -------------- A non-text attachment was scrubbed... Name: a_chapellon.vcf Type: text/x-vcard Size: 387 bytes Desc: not available URL: <http://dovecot.org/pipermail/dovecot/attachments/20110817/50c217e3/attachment-0002.vcf>
On 17/08/2011 16:00, Alexandre Chapellon wrote:> Is there any way to achieve this with dovecot? Does anybody have another > idea smoothly force used to switch to TLS?Hi, Maybe by sending them an email with a deadline for the end of clear text auth support ? If they don't amend their setup they'll be unable to retrieve their emails. Should you want to go the "nicer" way, you could throttle bandwidth to port 110/143 provided you use those for insecure connections.