Brian
My feedback
1 result found
-
5 votes
Hello Brian,
Thanks for sharing your ideas to force SSL/TLS for all clients. We will look into adding options for force TLS/SSL for IMAP and POP clients in a future version. One option to force POP and IMAP users to use SSL is to only allow the SSL ports for these protocols through the firewall. Another option is to turn off support for plain text passwords. This will force the users to choose a secure means of transmitting the password which are either the use of Cram-MD5 or an SSL/TLS connection. Forcing the use of SSL/TLS on port 25 may result in other servers not being able to send you email, but it is possible to do using the STARTTLS Required List.
Thanks,
Arron
An error occurred while saving the comment Brian supported this idea ·Brian shared this idea ·
This is still something I'd really like to see. When a login is attempted and TLS or SSL is not in use, drop the connection, refuse the login.
In my company it's a requirement. We can spot the mis-configured IMAP users easily, but finding all of the POP and SMTP users without SSL or TLS is difficult and time-consuming, and has to be repeated every couple of weeks.
I've looked at forcing ports but it is problematic for several reasons.
I'd even settle for a report at this point.