Hi
What is the best way to only allow IMAPS for clients?
I don’t want clients to unintentionally connect via cleartext IMAP.

Any modern mail client won’t let you connect unencrypted “unintentionally”.
Also there isn’t just IMAPS but also STARTTLS through the standard IMAP port. Just because it’s not IMAPS doesn’t mean it’s unencrypted.


I just want to be sure no one can communicate unencrypted even when they are phished or tricked in any way (or the client is broken).

If you have a firewall in front of your server, you could simply block, or not allow/forward, the corresponding ports. If the server is directly connected to the internet, without a firewall in between, it gets more complicated. See here: https://docs.mailcow.email/prerequisite/prerequisite-system/?h=iptable#firewall-ports

and here: Packet filtering and firewalls (Docker Documentation): How Docker works with packet filtering, iptables, and firewalls

Please make sure you fully understand how iptables, and specifically the DOCKER-USER chain, works before you start messing around with it on your production instance!

    mlcwuser Thanks.
    Blocking the ports was my last resort as I like to disable stuff I don’t want.

    But thanks for the input anyway :-)
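
Added example, not part of the thread and not mailcow's own code: a check of what the standard IMAP port (143) offers before TLS, covering the STARTTLS point and the wish to "be sure" raised above. It assumes the server advertises `LOGINDISABLED` as RFC 3501 describes; the sample greetings and all function names are constructed for illustration.

```python
import re
import socket

# Constructed sample greetings (not captured from any real server).
SAMPLE_HARDENED = "* OK [CAPABILITY IMAP4rev1 LITERAL+ STARTTLS LOGINDISABLED] ready\r\n"
SAMPLE_WEAK = "* OK [CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN AUTH=LOGIN] ready\r\n"
SAMPLE_BARE = "* OK IMAP service ready\r\n"

def parse_capabilities(text):
    """Return capability atoms from a greeting code or an untagged CAPABILITY line."""
    m = re.search(r"(?:^\* |\[)CAPABILITY ([^\]\r\n]*)", text, re.I | re.M)
    return {atom.upper() for atom in m.group(1).split()} if m else set()

def assess_plaintext_port(text):
    """List reasons the pre-TLS capability set would permit cleartext logins."""
    caps = parse_capabilities(text)
    if not caps:
        return ["no capability list seen; cannot judge this listener"]
    findings = []
    if "STARTTLS" not in caps:
        findings.append("STARTTLS not offered: sessions here can never be encrypted")
    if "LOGINDISABLED" not in caps:
        findings.append("LOGIN not advertised as disabled before TLS")
    sasl = sorted(caps & {"AUTH=PLAIN", "AUTH=LOGIN"})
    if sasl:
        findings.append("cleartext SASL mechanisms offered before TLS: " + ", ".join(sasl))
    return findings

def fetch_capabilities(host, port=143, timeout=5.0):
    """Read the greeting from a live server, asking for CAPABILITY if it is absent."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        data = sock.recv(4096).decode("ascii", "replace")
        if not parse_capabilities(data):
            sock.sendall(b"a1 CAPABILITY\r\n")
            data += sock.recv(4096).decode("ascii", "replace")
        return data

if __name__ == "__main__":
    samples = [("hardened", SAMPLE_HARDENED), ("weak", SAMPLE_WEAK), ("bare", SAMPLE_BARE)]
    for name, text in samples:
        print(name, assess_plaintext_port(text) or "OK: cleartext login refused before TLS")
```

An empty result only means compliant clients are told not to log in before STARTTLS; a broken client can still transmit its password before the server rejects it, which is the case that filtering port 143 addresses.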
