Changes


OPS335 Lab 4d

298 bytes added, 13:03, 15 March 2016
no edit summary
=== Encrypting Dovecot with Secure Sockets Layer (SSL) ===
Now we will ensure that our '''Dovecot''' connection is secure, and we'll enforce that policy. With SMTP, you will need to allow plain text connections since that is the only method to pass email from server-to-server. With IMAP, there is no server-to-server interaction, but rather only client-to-server interaction. The only reason to have an unencrypted IMAP connection would be if your '''IMAP server''' and '''IMAP client''' were the <u>same</u> machine (this would be the situation when using webmail).
'''Perform the following steps:'''
# Let's start by generating a new certificate for Dovecot on your vm3 machine by issuing the following commands:
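<source lang="bash"># Generate a 2048-bit RSA private key, encrypted with a passphrase (-des3)
openssl genrsa -des3 -out vm3.andrewsmith.org.key 2048
# Make the private key readable and writable by its owner only
chmod 600 vm3.andrewsmith.org.key
# Copy the certificate and cacert.pem into /etc/ssl/certs/
cp vm3.andrewsmith.org.crt cacert.pem /etc/ssl/certs/</source>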
:'''NOTE:''' This process is identical to what you've done for the vm2 certificate. In fact, if your IMAP and SMTP servers are on the same machine, you can share the certificate between them. In our case, they are not on the same machine.
<ol><li value="2">Next, we need to configure Dovecot to use this certificate for encrypted connections and not allow any kind of plain text connections. Edit the '''10-auth.conf''' <u>and</u> '''10-ssl.conf''' files and change the following settings:
<source lang="bash">ssl = required
ssl_cert = <path_to_your_crt_file
ssl_key = <path_to_your_key_file
disable_plaintext_auth = yes
protocols = imaps (instead of imap)</source></li></ol>
<ol><li value="3">Your key and certificate don't have a '''.pem''' extension, but they are PEM-encoded files. You can confirm that using the '''file''' command. If you're interested, here's some documentation about [http://wiki2.dovecot.org/SSL/DovecotConfiguration Dovecot SSL configuration].</li></ol>
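One way to check that the settings from step 2 are actually in effect, as an added example that is not part of the original lab: the script reads a file of Dovecot settings and ignores values nested inside <code>{ }</code> blocks, so a listener's own <code>ssl = yes</code> cannot be mistaken for the global setting. The function names, the file paths and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the lab. Paths and sample configs are constructed.

# Print the value of top-level setting $1 in Dovecot config file $2.
# Settings nested inside { } blocks (e.g. a listener's own "ssl = yes")
# are ignored, so they cannot mask the global value.
dovecot_setting() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }                      # skip comment lines
        {
            opens = gsub(/[{]/, "{"); closes = gsub(/[}]/, "}")
            if (depth == 0 && (eq = index($0, "=")) > 0) {
                k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
                if (k == key) val = v            # later lines override earlier ones
            }
            depth += opens - closes
        }
        END { print val }' "$2"
}

# Return 0 only if the file enforces the settings changed in step 2.
audit_dovecot() {
    fail=0
    [ "$(dovecot_setting ssl "$1")" = "required" ] ||
        { echo "FAIL: ssl is not 'required'"; fail=1; }
    [ "$(dovecot_setting disable_plaintext_auth "$1")" = "yes" ] ||
        { echo "FAIL: disable_plaintext_auth is not 'yes'"; fail=1; }
    for k in ssl_cert ssl_key; do
        case "$(dovecot_setting "$k" "$1")" in
            "<"?*) ;;   # leading "<" tells Dovecot to read the file's contents
            *) echo "FAIL: $k is not set to <file"; fail=1 ;;
        esac
    done
    return "$fail"
}

# Constructed samples: one weak config, one hardened config with a nested block.
WEAK=$(mktemp); HARDENED=$(mktemp)
trap 'rm -f "$WEAK" "$HARDENED"' EXIT
printf '%s\n' 'ssl = yes' 'disable_plaintext_auth = no' \
    'ssl_cert = </etc/ssl/certs/vm3.example.crt' > "$WEAK"
printf '%s\n' 'ssl = required' 'disable_plaintext_auth = yes' \
    'ssl_cert = </etc/ssl/certs/vm3.example.crt' \
    'ssl_key = </etc/ssl/private/vm3.example.key' \
    'service imap-login {' '  inet_listener imaps {' '    ssl = yes' '  }' '}' \
    > "$HARDENED"
audit_dovecot "$WEAK" || echo "weak sample rejected"
audit_dovecot "$HARDENED" && echo "hardened sample passes"
```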
=== Verifying that Mail Messages are Encrypted===