This option tells Dovecot where to find the mail server's SSL
Certificate.
Edit /etc/dovecot/conf.d/10-ssl.conf and add or correct the
following line (note: the path below is the default path set by the
Dovecot installation. If you are using a different path, ensure you
reference the appropriate file):
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem"
SSL certificates are used by the client to authenticate the identity of the server, as well as to encrypt credentials and message traffic. Not using SSL to encrypt mail server traffic could allow unauthorized access to credentials and mail messages since they are sent in plain text over the network.
This option tells Dovecot where to find the mail server's SSL Key.
Edit /etc/dovecot/conf.d/10-ssl.conf and add or correct the
following line (note: the path below is the default path set by the
Dovecot installation. If you are using a different path, ensure you
reference the appropriate file):
ssl_key = </etc/pki/dovecot/private/dovecot.pem
SSL certificates are used by the client to authenticate the identity of the server, as well as to encrypt credentials and message traffic. Not using SSL to encrypt mail server traffic could allow unauthorized access to credentials and mail messages since they are sent in plain text over the network.
To prevent Dovecot from attempting plaintext authentication of clients, edit /etc/dovecot/conf.d/10-auth.conf and add\or correct the following line:
disable_plaintext_auth = yes
Using plain text authentication to the mail server could allow an attacker access to credentials by monitoring network traffic.
To allow clients to make encrypted connections the ssl
flag in Dovecot's configuration file needs to be set to yes.
Edit /etc/dovecot/conf.d/10-ssl.conf and add or correct the following line:
ssl = yes
SSL encrypt network traffic between the Dovecot server and its clients protecting user credentials, mail as it is downloaded, and clients may use SSL certificates to authenticate the server, preventing another system from impersonating the server.
The dovecot package can be removed with the following command:
$ sudo yum erase dovecot
If there is no need to make the Dovecot software available, removing it provides a safeguard against its activation.
The dovecot service can be disabled with the following command:
$ sudo systemctl mask --now dovecot.service
Running an IMAP or POP3 server provides a network-based avenue of attack, and should be disabled if not needed.