What is IMAPS and IMAP over STARTTLS?
GMS supports two different mechanisms for encrypting e-mail retrieval:
- IMAPS, also commonly referred to as IMAP over SSL.
- IMAP over STARTTLS, also known as IMAP over TLS.
Both these encryption mechanisms require an SSL certificate to be installed on the server.
More information about how to obtain a certificate can be found under the ‘See also’ section at the bottom of this article.
IMAPS (IMAP over SSL) means that IMAP traffic travels over a secure socket to a secure port, typically TCP port 993.
Assuming an SSL certificate is in place, there shouldn't be anything further that needs to be enabled on the server. At this point, modify your mail client configuration to point to the IMAP server over secure port 993.
Please note: If you try to establish a connection to port 993 from a non-SSL client such as Telnet, the connection will fail.
IMAP with TLS will result in IMAP traffic crossing the network unencrypted, initially at least.
This unencrypted channel can then be switched to an encrypted one if both the client and server support the STARTTLS command and proceed to initiate the STARTTLS handshake.
To use this method, look for references to TLS or STARTTLS in your client's connection methods and enable them. Your client should be configured to communicate on the default IMAP TCP port of 143.
To enable IMAP with TLS on the server side, you will need to add/edit a system variable in GMS known as IMAPAuth.
This variable takes a space-separated string of numbers, where specifying 1 2 3 4 would enable all of the following:
1 is AUTH=LOGIN
2 is AUTH=DIGEST-MD5
3 is AUTH=CRAM-MD5
4 is AUTH=PLAIN
So, if you wanted to enable only AUTH=PLAIN, you would set this as 0 0 0 4.
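The following is an added example, not GMS code: it decodes an IMAPAuth value using the table above and checks which password-bearing mechanisms a port 143 capability list offers before STARTTLS. The function names and the sample capability list are hypothetical, treating 0 as a disabled slot is an assumption drawn from the 0 0 0 4 example, and LOGINDISABLED is the RFC 3501 capability that blocks the LOGIN command before TLS.

```python
import imaplib
import ssl

# Numbering taken from the article's IMAPAuth table.
IMAPAUTH_MECHS = {1: "LOGIN", 2: "DIGEST-MD5", 3: "CRAM-MD5", 4: "PLAIN"}
# LOGIN and PLAIN transmit the password itself (base64 is encoding, not encryption).
CLEARTEXT_MECHS = {"LOGIN", "PLAIN"}
# Constructed sample: capability tokens as a port-143 server might list them before TLS.
SAMPLE_CAPS = "IMAP4rev1 STARTTLS AUTH=PLAIN AUTH=CRAM-MD5".split()


def parse_imapauth(value):
    """Return the mechanisms enabled by an IMAPAuth string such as '0 0 0 4'."""
    mechs = []
    for token in value.split():
        n = int(token)
        if n == 0:  # assumption: 0 marks a disabled slot, as in the article's example
            continue
        if n not in IMAPAUTH_MECHS:
            raise ValueError(f"unknown IMAPAuth value: {token}")
        if IMAPAUTH_MECHS[n] not in mechs:
            mechs.append(IMAPAUTH_MECHS[n])
    return mechs


def audit_pre_tls(caps):
    """List what a plaintext (pre-STARTTLS) capability set exposes."""
    caps = [c.upper() for c in caps]
    auth = {c[5:] for c in caps if c.startswith("AUTH=")}
    findings = []
    if "STARTTLS" not in caps:
        findings.append("STARTTLS not offered on the plaintext port")
    for mech in sorted(auth & CLEARTEXT_MECHS):
        findings.append(f"AUTH={mech} offered before TLS is negotiated")
    if "LOGINDISABLED" not in caps:
        findings.append("LOGIN command allowed before TLS (no LOGINDISABLED)")
    return findings


def audit_server(host, port=143):
    """Live check against your own server (needs network access)."""
    conn = imaplib.IMAP4(host, port)
    try:
        findings = audit_pre_tls(conn.capabilities)
        if "STARTTLS" in conn.capabilities:
            # Default context verifies the certificate chain and host name.
            conn.starttls(ssl.create_default_context())
        return findings
    finally:
        conn.shutdown()
```

A certificate that fails verification makes `audit_server` raise `ssl.SSLError` during the handshake, which is itself a finding worth recording.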
See also
- Which Type of SSL Certificate should I choose?
- What is Secure Socket Layer (SSL)?
- What is keycert.exe and what files does it create?
- How do I enable editing of Variables?