r-raymond / nixos-mailserver

A complete and Simple Nixos Mailserver
GNU General Public License v3.0
181 stars, 27 forks

[support] How to use only enableImapSsl and enablePop3Ssl? #107

Closed fadenb closed 6 years ago

fadenb commented 6 years ago

Hey,

I was trying to set up SNM in a way that would allow only TLS secured imap and pop3 connections. See below for the config options I used.

Is this currently possible with SNM?

Thanks!

SNM Version: 2.1.3

Nixos Version: 17.09

Relevant part of the config to reproduce:

enableImap = false;
enablePop3 = false;
enableImapSsl = true;
enablePop3Ssl = true;

What I expected to happen:

Rebuild system with working setup (only listening on ports 993 and 995).

What happened:

nixos-rebuild switch 
building Nix...
building the system configuration...
error: 
Failed assertions:
- dovecot needs at least one of the IMAP or POP3 listeners enabled
(use ‘--show-trace’ to show detailed location information)

r-raymond commented 6 years ago

Hi, thanks for using SNM, and sorry for the inconvenience!

What you want is

enableImap = true;
enablePop3 = true;
enableImapSsl = false;
enablePop3Ssl = false;

i.e. enable* enables the TLS versions of Pop3 and Imap. If you in addition want the SSL versions, you can set the other two to true.

Maybe we should rename those options.

r-raymond commented 6 years ago

Btw, you mixed up the ports. TLS ports are 110 and 143. 993 and 995 are the SSL versions.

r-raymond commented 6 years ago

Ok, now I'm confused. Maybe you meant those ports after all. On ports 143 and 110 dovecot listens with startTLS. I.e. the connection is initially unencrypted, but login is not allowed until a TLS layer is started. The SSL ports use the certificate to establish an encrypted connection. In general I'd recommend using the startTLS variant, the SSL ports are more of a legacy thing. If you know all this already, I'm sorry for wasting your time.

So using only the SSL ports without the startTLS variants is currently not supported. It should only be a small fix to make this possible though.
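
The comment above says that on 143 and 110 dovecot refuses login until STARTTLS has been negotiated. The script below is an added example for this thread (not code from nixos-mailserver or from either participant) that verifies exactly that property against a running server: it reads the capabilities dovecot advertises on the unencrypted connection, classifies whether a client could still send credentials in the clear, then upgrades with STARTTLS and confirms that login only becomes available afterwards. It assumes dovecot's usual behaviour (STARTTLS plus LOGINDISABLED and no AUTH=PLAIN/AUTH=LOGIN on pre-TLS IMAP; STLS but no USER on pre-TLS POP3), which the thread does not spell out, and the hostname mail.example.org is a placeholder. The sample capability lists are constructed for offline use, not captured from a real server.

```python
"""Check that a Dovecot STARTTLS listener on 143/110 refuses plaintext logins.

Added example for this thread, not code from nixos-mailserver. Assumptions
(not stated on the page): Dovecot with plaintext auth disabled advertises
STARTTLS plus LOGINDISABLED and no AUTH=PLAIN/AUTH=LOGIN on an unencrypted
IMAP connection, and on POP3 advertises STLS but not USER (nor PLAIN/LOGIN
under SASL) until the connection has been upgraded.
"""
import imaplib
import poplib
import ssl

# Constructed capability responses for offline use (not captured from a real
# server). The *_LOCKED samples model a correctly configured server; the
# *_OPEN samples model one that would accept credentials in the clear.
SAMPLE_IMAP_LOCKED = ["IMAP4REV1", "LITERAL+", "SASL-IR", "LOGIN-REFERRALS",
                      "ID", "ENABLE", "IDLE", "STARTTLS", "LOGINDISABLED"]
SAMPLE_IMAP_OPEN = ["IMAP4REV1", "LITERAL+", "SASL-IR", "ID", "ENABLE",
                    "IDLE", "STARTTLS", "AUTH=PLAIN", "AUTH=LOGIN"]
SAMPLE_POP3_LOCKED = {"TOP": [], "UIDL": [], "RESP-CODES": [],
                      "PIPELINING": [], "STLS": [], "SASL": []}
SAMPLE_POP3_OPEN = {"TOP": [], "UIDL": [], "STLS": [], "USER": [],
                    "SASL": ["PLAIN", "LOGIN"]}


def imap_plaintext_policy(capabilities):
    """Classify what a client may do on the unencrypted IMAP connection.

    "starttls-required": STARTTLS offered, LOGIN disabled, no plaintext SASL
                         mechanism, so credentials cannot be sent before TLS.
    "plaintext-allowed": STARTTLS offered but a client could still log in
                         without it (credentials would cross the wire in clear).
    "no-tls":            the server does not offer STARTTLS at all.
    """
    caps = {c.upper() for c in capabilities}
    if "STARTTLS" not in caps:
        return "no-tls"
    plaintext_sasl = {"AUTH=PLAIN", "AUTH=LOGIN"} & caps
    if "LOGINDISABLED" in caps and not plaintext_sasl:
        return "starttls-required"
    return "plaintext-allowed"


def pop3_plaintext_policy(capa):
    """Same classification for a POP3 CAPA response (dict as poplib.capa())."""
    caps = {k.upper(): [a.upper() for a in v] for k, v in capa.items()}
    if "STLS" not in caps:
        return "no-tls"
    plaintext_sasl = {"PLAIN", "LOGIN"} & set(caps.get("SASL", []))
    if "USER" not in caps and not plaintext_sasl:
        return "starttls-required"
    return "plaintext-allowed"


def check_imap(host, port=143, timeout=10):
    """Live check: classify the pre-TLS capabilities, then upgrade the
    connection and confirm login becomes available only after STARTTLS.
    The default SSL context verifies the certificate against `host`."""
    conn = imaplib.IMAP4(host, port, timeout=timeout)
    try:
        policy = imap_plaintext_policy(conn.capabilities)
        conn.starttls(ssl_context=ssl.create_default_context())
        # imaplib re-reads CAPABILITY after the upgrade; a correctly configured
        # server now drops LOGINDISABLED so that clients can authenticate.
        login_after_tls = "LOGINDISABLED" not in conn.capabilities
        return {"pre_tls": policy, "login_after_tls": login_after_tls}
    finally:
        try:
            conn.logout()
        except (OSError, imaplib.IMAP4.error):
            pass


def check_pop3(host, port=110, timeout=10):
    """Live check for the POP3 listener, mirroring check_imap. USER appearing
    only after STLS is the assumed Dovecot behaviour described above."""
    conn = poplib.POP3(host, port, timeout=timeout)
    try:
        policy = pop3_plaintext_policy(conn.capa())
        conn.stls(context=ssl.create_default_context())
        login_after_tls = "USER" in conn.capa()
        return {"pre_tls": policy, "login_after_tls": login_after_tls}
    finally:
        try:
            conn.quit()
        except (OSError, poplib.error_proto):
            pass


if __name__ == "__main__":
    import sys
    # Usage: python check_starttls.py mail.example.org  (hostname is a placeholder)
    target = sys.argv[1] if len(sys.argv) > 1 else "mail.example.org"
    print("IMAP 143:", check_imap(target))
    print("POP3 110:", check_pop3(target))
```

Run it against your own server after `nixos-rebuild switch`; the result you want on both listeners is `pre_tls` equal to `starttls-required` and `login_after_tls` equal to `True`. A `plaintext-allowed` result means a misconfigured client could still hand its password to the server before the TLS layer is up, which is the situation fadenb wanted to rule out.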

fadenb commented 6 years ago

I believe I was a bit confused myself ;)

My intention was to ensure credentials are not transmitted without some kind of encryption securing them on the wire (even if a client is using an insecure configuration). If login is only allowed once the communication is secured via startTLS that is good enough for me.

Thanks!