Allowed protocos for a given mailbox.

rosse

Hello everyone!

I have a straightforward question that I haven’t been able to find an answer to — either through documentation or expected behavior from the context.

What is the purpose of the “Allowed Protocols” setting for a given mailbox?
Is it supposed to allow or deny access to mail via the selected protocols?

I can’t seem to get it working as expected. As you can see in the attached screenshot, only SSO is allowed — which I assume refers to logging into the Mailcow UI itself. That, in turn (if configured), forwards you to your mailbox via SOGo, and you’re done.

The problem is that any mail client can still connect via IMAP/SMTP using user credentials without restriction. In other words, it does not deny access as it’s supposed to.

Is there something else that needs to be configured to make this work properly?

On the other hand, 2FA works as expected — when it’s enabled, users can’t access the server unless they’ve set up an app password.

Am I missing something here?

ETNyx

Can confirm, seems like a bug to me,… make an issue on github to get developers attention?

smlftz

I can confirm that.
In my tests, any mail client can still access the account using the normal password, even though all direct access has been disabled (tested with IMAP and SMTP).
An app password is only required once the second factor has been enabled. I had previously assumed that the app password would be required if the relevant direct access had been disabled.
The Mailcow version is 2025-7.

smlftz

I’ve seen that there is a bug report on GitHub for this issue:
mailcow/mailcow-dockerized6610

rosse

Hmm…I should improve my searching skills. I don’t know how I didn’t find this. Sorry for the post though, but it might prove useful for someone like me.

smlftz