1 (edited by schnappi 2017-08-31 06:24:31)

Topic: Dovecot and Postfix forcing secure connections?

In the support documents iRedMail states that all clients are forced to use POP3/IMAP/SMTP services over STARTTLS for secure connections (http://www.iredmail.org/docs/allow.inse … tions.html)

Checked /etc/dovecot/dovecot.conf though and
disable_plaintext_auth= yes
was set but not
ssl=yes

This may be more of a Dovecot question but is
disable_plaintext_auth= yes
all that is needed or is
ssl=yes
needed as well to force a secure connection?

Similar issue applies to Postfix. On a new (0.9.7) and old install of iRedMail
#smtpd_tls_auth_only = yes
is commented out by default in /etc/postfix/main.cf

Shouldn't this be commented in order to force secure outgoing connections?

The reason I bring this up is that the native iPhone Mail App is weird. Still don't know if it can use STARTTLS or not. Started noticing that lots of mail users are using port 143 with TLS turned off on iPhones. Since this is the case and not honestly sure if iPhones support STARTTLS want to make sure that iRedMail is forcing secure connections. From the above settings am not sure that this is the case but also know that lots of times iRedMail has settings in places that wouldn't expect to normally look for them (aka not in /etc/postfix/main.cf)

From testing it appears that secure connections are forced despite the above but having all the iPhones set to port 143 with SSL turned off makes me want to double check.

Thanks and no rush.

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.7
- Linux/BSD distribution name and version: Debian 9.1
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MariaDB
- Web server (Apache or Nginx): None
- Manage mail accounts with iRedAdmin-Pro? No
====


2

Re: Dovecot and Postfix forcing secure connections?

To force IMAP/POP3 secure connections, in dovecot.conf:

ssl = required
disable_plaintext_auth= yes 

With "ssl = yes", it allows both insecure and secure connections, but with "ssl = required", only secure connections are accepted.

schnappi wrote:

Similar issue applies to Postfix. On a new (0.9.7) and old install of iRedMail
#smtpd_tls_auth_only = yes
is commented out by default in /etc/postfix/main.cf

"smtpd_tls_auth_only = yes" is used to force secure connections on port 25 if you add it in main.cf.
Please check /etc/postfix/master.cf, we have "smtpd_tls_security_level=encrypt" for submission (port 587) to force a secure connection.

3

Re: Dovecot and Postfix forcing secure connections?

If use below in /etc/postfix/main.cf will it only affect outgoing SMTP connections on port 25 or will it also require delivering mail servers to deliver over TLS (thereby creating an issue for servers that cannot deliver over TLS)?

"smtpd_tls_auth_only = yes"

4

Re: Dovecot and Postfix forcing secure connections?

This parameter is for smtp auth auth_only; it only impacts a client who is performing smtp auth.
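
Added example (not part of the thread and not iRedMail's own code): a small Python audit of the settings discussed above, showing how a "-o" override in master.cf makes submission require TLS while port 25 keeps the main.cf value, and how Dovecot's "ssl = yes" differs from "ssl = required". The sample config text and all function names are constructed for illustration; the parser reads only top-level "name = value" lines and plain "-o name=value" overrides.

```python
import re

# Constructed sample configs for illustration, not copied from an iRedMail install.
MAIN_CF = "#smtpd_tls_auth_only = yes\nsmtpd_tls_security_level = may\n"
MASTER_CF = """\
smtp       inet  n  -  y  -  -  smtpd
submission inet  n  -  y  -  -  smtpd
  -o smtpd_tls_security_level=encrypt
pickup     unix  n  -  y  60 1  pickup
"""
DOVECOT_CONF = "ssl = yes\ndisable_plaintext_auth = yes\n"

def parse_kv(text):
    """Top-level 'name = value' lines; '#' comments and indented lines are skipped."""
    return dict(re.findall(r"^([A-Za-z]\w*)[ \t]*=[ \t]*(.*?)[ \t]*$", text, re.M))

def smtpd_services(master_cf, main):
    """Effective settings per smtpd service: main.cf values plus '-o name=value' overrides."""
    services, current = {}, None
    for line in master_cf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():  # a new service entry starts in column 0
            fields = line.split()
            is_smtpd = len(fields) >= 8 and fields[7] == "smtpd"
            current = services.setdefault(fields[0], dict(main)) if is_smtpd else None
        if current is not None:    # entry line or one of its indented continuations
            current.update(re.findall(r"-o\s+(\w+)=(\S+)", line))
    return services

def postfix_verdict(cfg):
    if cfg.get("smtpd_tls_security_level") == "encrypt":
        return "tls-required"      # the whole session must use STARTTLS
    if cfg.get("smtpd_tls_auth_only") == "yes":
        return "auth-needs-tls"    # only SMTP AUTH is held back until STARTTLS
    return "not-enforced"

def dovecot_verdict(cfg):
    if cfg.get("ssl") == "required":
        return "tls-required"      # only secure connections are accepted
    if cfg.get("disable_plaintext_auth") == "yes":
        return "auth-needs-tls"    # cleartext connection allowed, plaintext login refused
    return "not-enforced"

def audit(main_cf=MAIN_CF, master_cf=MASTER_CF, dovecot_conf=DOVECOT_CONF):
    services = smtpd_services(master_cf, parse_kv(main_cf))
    report = {name: postfix_verdict(cfg) for name, cfg in services.items()}
    report["dovecot"] = dovecot_verdict(parse_kv(dovecot_conf))
    return report
```

Calling audit() on the sample text returns one verdict per smtpd service plus one for Dovecot; pass the contents of the real files to check a live install.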