Phone Lines icon GFI Support Home

Articles in this section

See more

Understanding IMAP and IMAPS Protocol Behavior

Author: Vladyslav Velychko Updated

Overview

The customer sees both IMAP and IMAP Secure protocols using Secure connection. 

The following is displayed under the Kerio Connect Administration > Status > Active Connections:

006.jpg

You may receive a query wherein the customer wants to know why IMAP Secure and IMAP protocols are both marked as secure under the Active Connections tab.

Sample email from a customer:

Dear Kerio Tech Support,
I am monitoring our users' settings to ensure that they are using a secure connection.
I notice that one user here is only using “IMAP” as opposed to “IMAP Secure,” yet under the “Secure” column, it says “Yes” for Secure.
Could you please explain why it is saying “Yes” for “Secure,” yet the user is only using “IMAP” rather than “IMAP Secure.”
For tighter security, should she be using “IMAP Secure”?

This article explains the behavior of IMAPS and IMAP Protocol within Kerio Connect and the considerations for switching to IMAP Secure protocol.

 

Information

The reason both IMAP Secure and IMAP protocols are marked as secure is because of the configuration chosen by the client, as explained below.

 

Understanding How IMAPS and IMAP Protocols Work

  • IMAPS: also commonly referred to as IMAP over SSL

    IMAPS (IMAP over SSL) means that IMAP traffic travels over a secure socket to a secure port, typically TCP port 993. Assuming that an SSL certificate is in place, there should not be anything further that needs to be enabled on the server. Modify your mail client configuration to point to the IMAP server over secure port 993.
    Note: If you try to establish a connection to port 993 from a non-secure client such as Telnet, the connection will fail.

  • IMAP over STARTTLS: also known as IMAP over TLS

    IMAP with TLS will result in IMAP traffic crossing the network unencrypted, initially at least.

    This unencrypted channel can then be switched to an encrypted one if both the client and server support the STARTTLS command and proceed to initiate the STARTTLS handshake. To use this method, you should look for references to TLS or STARTTLS in your client's connection methods and then enable these. The client is configured to communicate on the default IMAP TCP port of 143. As Kerio Connect supports STARTTLS, the connection gets encrypted using this technology. Hence, rendering the connection as secure.

To summarize, you do not need to switch to the IMAP Secure protocol, as long as it is showing “Yes” under the “Secure” column for the IMAP protocol.

Additional Information

Services in Kerio Connect

StartTLS (Opportunistic TLS)

 

Back to Top

Related articles