lnxgeek Hi What is the best way to only allow IMAPS for clients? I don’t want clients to unintentionally connect via cleartext IMAP.
D4niel Any modern mail client won’t let you connect unencrypted “unintentionally”. Also there isn’t just IMAPS but also STARTTLS through the standard IMAP port. Just because it’s not IMAPS doesn’t mean it’s unencrypted.
lnxgeek I just want to be sure no one can communicate unencrypted even when they are phished or tricked in any way (or the client is broken).
mlcwuser If you have a firewall in front of your server, you could simply block, or not allow/forward, the corresponding ports. If the server is directly connected to the internet, without a firewall in between, it gets more complicated. See here: https://docs.mailcow.email/prerequisite/prerequisite-system/?h=iptable#firewall-ports and here: https://docs.docker.com/network/packet-filtering-firewalls/ Please make sure you fully understand how iptables, and specifically the DOCKER-USER chain works, before you start messing around with it on your production instance!
lnxgeek mlcwuser Thanks. Blocking the ports was my last resort as I like to disable stuff I don’t want. But thanks for the input anyway :-)