[Dovecot] May Dovecot help in users education

Noel Butler noel.butler at ausics.net
Thu Aug 18 01:32:36 EEST 2011

On Wed, 2011-08-17 at 16:05 +0200, Laurent CARON wrote:

> On 17/08/2011 16:00, Alexandre Chapellon wrote:
> > Is there any way to achieve this with dovecot? Does anybody have another
> > idea smoothly force used to switch to TLS?
> Hi,
> Maybe by sending them an email with a deadline for the end of clear text 
> auth support ?

This is the best method, give them at least 30 days notice (preferably
90 days), the notices should include a link to a kb/support site showing
them how, not doing this will clog up your support lines for sure.

Send subsequent warning notices, with slightly stronger language each
time, at 21 days, 14 days and 7 days, 3 days and 1 day.
We did this when we cut out relaying for IP's and moved entirely to smtp
auth, so its much the same thing - getting them to change settings.

A safe guard though, if you tell them, say 1st October cut off, don't
actually cut off until a week or two after. 

Yes, you'll still find some have not done it, but that's the nature of
some people.

> If they don't amend their setup they'll be unable to retrieve their emails.
> Should you want to go the "nicer" way, you could throttle bandwidth to 
> port 110/143 provided you use those for insecure connections.

That's not the right thing to do, TLS uses those ports too, it's SSL
that does not, and it's pointless using other ports, you'll end up
creating more problems than what it's worth.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part
URL: <http://dovecot.org/pipermail/dovecot/attachments/20110818/b076bf45/attachment-0002.bin>

More information about the dovecot mailing list