How to I enable SSL/TLS with Dovecot (the POP3 and IMAP server)?
With RedHat/Fedora/CentOS its fairly easy.
Self-signed certificates are already made for you.
So just uncomment the following lines in /etc/dovecot.conf
# Disable SSL/TLS support?
ssl_disable = no
# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
# dropping root privileges, so keep the key file unreadable by anyone but
# root. Included doc/mkcert.sh can be used to easily generate self-signed
# certificate, just make sure to update the domains in dovecot-openssl.cnf
ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem
ssl_key_file = /etc/pki/dovecot/private/dovecot.pem
Optionally, if you don't want to let anybody login without SSL or TLS do this:
disable_plaintext_auth = yes
Finally, restart dovecot:
systemctl restart dovecot
Don't forget to test with a mail client like Thunderbird.