Help with Secure Email

TheCableGuy96

Hi,

I'm wanting to force secure connections only for mail, both incoming and outgoing but need some clarification please...

Firstly, for collecting mail I have enabled the following in dovecot.conf but does this cover both POP and IMAP?:
disable_plaintext_auth = yes

As for sending mail I can only find guides 10 years old on here. As I understand it (please correct me if I am wrong)
  • anyone connecting to port 25 can connect securely or insecurely using plain text, SSL or TLS, this is the default
  • anyone connecting to port 465 is forced to use SSL and cannot use plain text or TLS
  • anyone connecting to port 587 is forced to use TLS and cannot use plain text or SSL
If that is correct I just need to ensure I close port 465 as SSL is not secure like TLS? Then how do I stop connections for sending mail on port 25 so users are forced to use port 587? Or, how do I ensure you can only use TLS if using port 25?

Thanks for any help.
 
Hello,

Firstly, for collecting mail I have enabled the following in dovecot.conf but does this cover both POP and IMAP?:
disable_plaintext_auth = yes

Yes, everything outside protocol PROTO_NAME {...} is considered to be global settings affecting all protocols. For more details, see https://doc.dovecot.org/configuration_manual/dovecot_ssl_configuration/

If that is correct I just need to ensure I close port 465 as SSL is not secure like TLS? Then how do I stop connections for sending mail on port 25 so users are forced to use port 587? Or, how do I ensure you can only use TLS if using port 25?

I believe you will find a reply here: https://forum.directadmin.com/threads/how-to-require-secure-connections-for-e-mail.43500/
 
Hello,
Yes, everything outside protocol PROTO_NAME {...} is considered to be global settings affecting all protocols. For more details, see https://doc.dovecot.org/configuration_manual/dovecot_ssl_configuration/

I believe you will find a reply here: https://forum.directadmin.com/threads/how-to-require-secure-connections-for-e-mail.43500/

Hi zEitEr,

I looked at that thread but it's 11 years old, did you notice that?

That's fine if it's still relevant but can you confirm this please?

Thanks for your help.
 
The current version of SpamBlocker is still 4.5.43 and uses the file:

Bash:
# grep -n '/etc/exim.acl_check_recipient.mid.conf' /etc/exim.conf
404:  .include_if_exists /etc/exim.acl_check_recipient.mid.conf
 
Sorry I'm officially confused, I'm only wanting to ensure that people can only connect with secure connections, I'm not interested in spamblocker?
 
I'm not interested in spamblocker?
Don't worry. It's the same.
It's just exim.conf, but the normal version was 2.1.1 and they adjusted it to be more compatible and be better at spam. Then it was named "spamblocker exim.conf", so that is where the name SpamBlocker is coming from.
 
So are you saying I need to follow the guide and that will ensure only secure connections or am I looking in the replies for something? It's all a little confusing (sorry).
 
@Richard G thanks for stepping in and clarifying the things.

Sorry I'm officially confused, I'm only wanting to ensure that people can only connect with secure connections, I'm not interested in spamblocker?

The link to the suggested thread describes how to achieve the desired result on a DirectAdmin server with Exim. The mentioned control panel ships a configuration for Exim which is called Exim SpamBlocker.

If you need a better understanding of things, then you will need to read:

- Official exim docs: https://www.exim.org/docs.html
- DirectAdmin docs: https://docs.directadmin.com

and search the forums. Though the thread I posted a link to is rather old, the method should still work. Things have not changed much here since then.

Most questions you might have when running a DirectAdmin server have already been answered; that is why we don't explain everything to new posters, but rather provide a link to the same thread. That saves us time. We don't work for DirectAdmin, we are volunteers here.

The most active users here on the forums have enough experience in running and managing DirectAdmin servers. Some of us are running businesses by selling hosting with DirectAdmin, others of us are making a living by providing outsourced server support. Check a number of their replies and their status. They would have been already banned if they harmed users. So you might trust them.

If you need a solution, then you might follow the guide.

The most recent reply is dated 2018, in the same thread on page 2: https://forum.directadmin.com/threa...nnections-for-e-mail.43500/page-2#post-286159

If the guide did not work for you, then you are welcome to describe what exactly you did and what results you got.

In case you still don't trust replies on the forums, feel free to communicate with official DirectAdmin support via tickets. I hope you will trust at least them and official docs.
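
An added example (not part of any post in this thread, and not DirectAdmin or Exim code): one way to check the result after changing the mail configuration. On ports 25 and 587 a session starts in plaintext and upgrades with STARTTLS, so the check looks at what the server advertises in its EHLO reply before TLS. The host names and EHLO replies are constructed samples, and `parse_ehlo`, `assess` and `probe` are hypothetical helper names.

```python
import smtplib

# Constructed sample EHLO replies (not captured from a real server).
WEAK_REPLY = (
    "250-mail.example.test Hello client.example.test [192.0.2.10]\n"
    "250-SIZE 52428800\n250-PIPELINING\n"
    "250-AUTH PLAIN LOGIN\n250-STARTTLS\n250 HELP"
)
HARDENED_REPLY = (
    "250-mail.example.test Hello client.example.test [192.0.2.10]\n"
    "250-SIZE 52428800\n250-PIPELINING\n250-STARTTLS\n250 HELP"
)

def parse_ehlo(reply):
    """Parse a multi-line EHLO reply ('250-KEYWORD args') into {keyword: args}."""
    features = {}
    for line in reply.splitlines()[1:]:  # the first line is only the greeting
        if len(line) < 4 or not line.startswith("250"):
            continue
        keyword, _, args = line[4:].strip().partition(" ")
        if keyword:
            features[keyword.lower()] = args
    return features

def assess(pre_tls):
    """Return findings for the capabilities a server offers before any TLS."""
    findings = []
    if "starttls" not in pre_tls:
        findings.append("STARTTLS not offered")
    if "auth" in pre_tls:
        # Credentials could be sent over the unencrypted session.
        findings.append("AUTH advertised before TLS: " + pre_tls["auth"])
    return findings

def probe(host, port=587, timeout=10.0):
    """Live check against your own server; smtplib parses the EHLO reply."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        return assess(dict(smtp.esmtp_features))

if __name__ == "__main__":
    for name, reply in (("weak", WEAK_REPLY), ("hardened", HARDENED_REPLY)):
        print(name, assess(parse_ehlo(reply)) or "ok")
```

An empty list from `probe("your.mail.host", 587)` means the server offers STARTTLS and does not advertise AUTH until the session is encrypted; port 465 expects TLS from the first byte, so it would need `smtplib.SMTP_SSL` instead.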
 