This tutorial is available in other languages. Help translate more

Italiano /

Allow insecure POP3/IMAP/SMTP connections without STARTTLS

Attention

Check out the lightweight on-premises email archiving software developed by iRedMail team: Spider Email Archiver.

With default iRedMail setting, all clients are forced to use POP3/IMAP/SMTP services over STARTTLS for secure connections. If your mail clients try to access mailbox via protocol POP3/IMAP without TLS support, you will get error message like below:

Plaintext authentication disallowed on non-secure (SSL/TLS) connections

This tutorial describes how to allow insecure connection for daily use.

Note

If you just have 1 or few network devices like printer, firewall need to send email with insecure connection, please follow this tutorial instead: Allow internal network devices to send email with insecure connection.

Allow insecure POP3/IMAP connections

If you want to enable POP3/IMAP services without STARTTLS for some reason (again, not recommended), please update below two parameters in Dovecot config file /etc/dovecot/dovecot.conf and restart Dovecot service:

disable_plaintext_auth=no
ssl=yes

Again, it's strongly recommended to use only POP3S/IMAPS for better security.

Default and recommended setting configured by iRedMail is:

disable_plaintext_auth=yes
ssl=required

Allow insecure SMTP connection on port 25

Please comment out lines below in Postfix config file /etc/postfix/main.cf and reload or restart Postfix service:

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous

# force all clients to use secure connection through port 25
#smtpd_tls_auth_only=yes

All documents are available in GitHub repository, and published under Creative Commons license. You can download the latest version for offline reading. If you found something wrong, please do contact us to fix it.