iredmail-doc/html_bk/allow.insecure.pop3.imap.smtp.connections.html

<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <title>Allow insecure POP3/IMAP/SMTP connections without STARTTLS</title>
        <link rel="stylesheet" type="text/css" href="./css/markdown.css" />
    </head>
    <body>

    <div id="navigation">
    <a href="https://www.iredmail.org" target="_blank">
        <img alt="iRedMail web site"
             src="./images/logo-iredmail.png"
             style="vertical-align: middle; height: 30px;"
             />&nbsp;
        <span>iRedMail</span>
    </a>
    &nbsp;&nbsp;//&nbsp;&nbsp;<a href="./index.html">Document Index</a></div><div class="admonition note">
<p class="admonition-title">This tutorial is available in other languages. <a href="https://github.com/iredmail/docs">Help translate more</a></p>
<p><a href="./allow.insecure.pop3.imap.smtp.connections-it_IT.html">Italiano</a> /</p>
</div>
<h1 id="allow-insecure-pop3imapsmtp-connections-without-starttls">Allow insecure POP3/IMAP/SMTP connections without STARTTLS</h1>
<div class="toc">
<ul>
<li><a href="#allow-insecure-pop3imapsmtp-connections-without-starttls">Allow insecure POP3/IMAP/SMTP connections without STARTTLS</a><ul>
<li><a href="#allow-insecure-pop3imap-connections">Allow insecure POP3/IMAP connections</a></li>
<li><a href="#allow-insecure-smtp-connection-on-port-25">Allow insecure SMTP connection on port 25</a></li>
</ul>
</li>
</ul>
</div>
<p>With default iRedMail setting, all clients are forced to use POP3/IMAP/SMTP
services over STARTTLS for secure connections. If your mail clients
try to access mailbox via protocol POP3/IMAP without TLS support, you will
get error message like below:</p>
<pre><code>Plaintext authentication disallowed on non-secure (SSL/TLS) connections
</code></pre>
<p>This tutorial describes how to allow insecure connection for daily use.</p>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>If you just have 1 or few network devices like printer, firewall need to
send email with insecure connection, please follow this tutorial instead:
<a href="./additional.smtp.port.html">Allow internal network devices to send email with insecure connection</a>.</p>
</div>
<h2 id="allow-insecure-pop3imap-connections">Allow insecure POP3/IMAP connections</h2>
<p>If you want to enable POP3/IMAP services without STARTTLS for some reason
(again, not recommended), please update below two parameters in Dovecot config
file <code>/etc/dovecot/dovecot.conf</code> and restart Dovecot service:</p>
<ul>
<li>on Linux and OpenBSD, it's <code>/etc/dovecot/dovecot.conf</code></li>
<li>on FreeBSD, it's <code>/usr/local/etc/dovecot/dovecot.conf</code></li>
</ul>
<pre><code>disable_plaintext_auth=no
ssl=yes
</code></pre>
<p>Again, it's strongly recommended to use only POP3S/IMAPS for better security.</p>
<p>Default and recommended setting configured by iRedMail is:</p>
<pre><code>disable_plaintext_auth=yes
ssl=required
</code></pre>
<h2 id="allow-insecure-smtp-connection-on-port-25">Allow insecure SMTP connection on port 25</h2>
<p>Please comment out lines below in Postfix config file <code>/etc/postfix/main.cf</code>
and reload or restart Postfix service:</p>
<pre><code>smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous

# force all clients to use secure connection through port 25
#smtpd_tls_auth_only=yes
</code></pre><div class="footer">
    <p style="text-align: center; color: grey;">All documents are available in <a href="https://github.com/iredmail/docs/">GitHub repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://github.com/iredmail/docs/archive/master.zip">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
</div></body></html>