Force SSL encryption with Dovecot for IMAPS/POPS

Enter Your Query:
Use '%' for wildcards and quotes for "exact phrases"

Top Level » Email » Dovecot

Force SSL encryption with Dovecot for IMAPS/POPSLast Modified: Nov 29, 2018, 3:40 pm
These days it's best to force clients to use SSL encryption to authenticate with dovecot (imap/pop).
Dovecot has a simple option for this:


which you can add to a new file:


and then restart dovecot:

service dovecot restart

Note: non-encrypted logins are still allowed on localhost addresses, in case you're confused why it's still allowing it.

To test, use a remote server, and test like this:

telnet 143

and run command

01 LOGIN username password

You should see a message like this:

* BAD [ALERT] Plaintext authentication not allowed without SSL/TLS, but your client did it anyway. If anyone was listening, the password was exposed.
01 NO [PRIVACYREQUIRED] Plaintext authentication disallowed on non-secure (SSL/TLS) connections.

If you're still connected, you can logout/close the telnet connection with:


Related Helpfiles
Only allow smtp auth login if encryption is enabled

© 2018 JBMC Software, Suite 173  3-11 Bellerose Drive, St Albert, AB  T8N 1P7  Canada.  Mon-Fri 9AM-5PM MST