How do I enforce the use of SPOP?

Question

Is there a way to force SPOP only connections i.e. to stop mail clients retrieving mail unless through a secure connection?

Alternatively is it possible to run POP and SPOP connections on different ports?

Answer

If GMS Secure Socket Layer is enabled on server the POP service answers on two ports automatically:

1. 110 – this is the standard POP port, the STLS command can be used to switch into secure (SSL) mode.
2. 995 – this is the default port for secure POP connections, all communication with this port should be via GMS Secure Socket Layer.

If you wish to stop all standard POP communication and force all clients to use GMS Secure Socket Layer for POP communications there are currently two alternatives.

1. block access to port 110 at the firewall and leave open access to port 995. This way only the POP SSL port would be available to the mail clients.
2. change the standard POP port to something other than 110 so that non SSL clients can not find it.

See Also:

• Does GMS support SPOP?

Keywords:SPOP, SSL, TLS, Secure, POP