This tutorial is available in other languages. Help translate more

Italiano /

Allow insecure POP3/IMAP/SMTP connections without STARTTLS


Check out the lightweight on-premises email archiving software developed by iRedMail team: Spider Email Archiver.

With default iRedMail setting, all clients are forced to use POP3/IMAP/SMTP services over STARTTLS for secure connections. If your mail clients try to access mailbox via protocol POP3/IMAP without TLS support, you will get error message like below:

Plaintext authentication disallowed on non-secure (SSL/TLS) connections

This tutorial describes how to allow insecure connection for daily use.


If you just have 1 or few network devices like printer, firewall need to send email with insecure connection, please follow this tutorial instead: Allow internal network devices to send email with insecure connection.

Allow insecure POP3/IMAP connections

If you want to enable POP3/IMAP services without STARTTLS for some reason (again, not recommended), please update below two parameters in Dovecot config file /etc/dovecot/dovecot.conf and restart Dovecot service:


Again, it's strongly recommended to use only POP3S/IMAPS for better security.

Default and recommended setting configured by iRedMail is:


Allow insecure SMTP connection on port 25

Please comment out lines below in Postfix config file /etc/postfix/ and reload or restart Postfix service:

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous

# force all clients to use secure connection through port 25