How can I know if a user is connecting to email correctly using SSL on IMAP and/or POP3?

microvax

Well-Known Member
Mar 4, 2021
Lima
cPanel Access Level
Root Administrator
Hello,
I recently had a problem with the SSL certificates of one of my cPanel accounts
because the AutoSSL feature couldn't renew the certificates due to a blockage caused by
the Cloudflare proxy.

So I ended up purchasing an SSL certificate from PositiveSSL for the hostname mail.mydomain.com,
which is the most problematic due to the requirements from Apple email clients; however, I still
don't know if all of my users are connecting with SSL or TLS.
Is there a way to know that from the exim_log or maillog files?
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
cPanel Access Level
Root Administrator
Hey there! Yes, you'd be looking for login data inside /var/log/maillog. A successful login from a mail client using IMAP looks like this:

Code:
Mar 31 08:26:19 host dovecot[3533518]: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=1.2.3.4, lip=4.3.2.1, mpid=3918872, TLS, session=<EWEBUTH4qsVou/IO>
Mar 31 08:26:19 host dovecot[3533518]: imap([email protected])<3918872><EWEBUTH4qsVou/IO>: Disconnected: Logged out in=9, out=515, bytes=9/515
Mar 31 08:26:19 host dovecot[3533518]: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=1.2.3.4, lip=4.3.2.1, mpid=3918874, TLS, session=<beoEUTH4q8Vou/IO>
In this example, the IP of 1.2.3.4 is the user's IP, and 4.3.2.1 is the server IP they are connecting to. Searching for the user's IP in that file should provide you with the details you need.

You'll also note the TLS entry in the connection, indicating that a secure connection was used.

Let me know if this helps!
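
To answer the question for every user at once rather than one IP at a time, the following added example (not part of the original posts and not cPanel's own tooling) counts Dovecot IMAP and POP3 logins per user and client IP and marks each group by whether the `TLS` field from the sample lines above is present. The function names `tls_login_summary` and `sample_maillog` are hypothetical, and the sample log lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: summarise Dovecot logins in a maillog by TLS usage.
# Relies on the ", TLS," field seen in the login lines quoted in the thread;
# a Login line without that field is counted as NOTLS.

tls_login_summary() {
  # $1: maillog-format file. Output columns: service user rip TLS|NOTLS count
  awk '
    / (imap|pop3)-login: Login: / {
      svc = ($0 ~ / imap-login: /) ? "imap" : "pop3"
      user = "-"; rip = "-"
      if (match($0, /user=<[^>]*>/)) user = substr($0, RSTART + 6, RLENGTH - 7)
      if (match($0, /rip=[^,]*/))    rip  = substr($0, RSTART + 4, RLENGTH - 4)
      tls = ($0 ~ /, TLS,/ || $0 ~ /, TLS$/) ? "TLS" : "NOTLS"
      count[svc " " user " " rip " " tls]++
    }
    END { for (k in count) print k, count[k] }
  ' "$1" | sort
}

# Constructed sample lines (not real log data) in the format shown above.
sample_maillog() {
  cat <<'EOF'
Mar 31 08:26:19 host dovecot[1001]: imap-login: Login: user=<alice@example.test>, method=PLAIN, rip=192.0.2.10, lip=203.0.113.5, mpid=2001, TLS, session=<aaaa>
Mar 31 08:27:02 host dovecot[1001]: imap-login: Login: user=<alice@example.test>, method=PLAIN, rip=192.0.2.10, lip=203.0.113.5, mpid=2002, TLS, session=<bbbb>
Mar 31 08:30:45 host dovecot[1001]: pop3-login: Login: user=<bob@example.test>, method=PLAIN, rip=198.51.100.7, lip=203.0.113.5, mpid=2003, session=<cccc>
Mar 31 08:31:00 host dovecot[1001]: imap(alice@example.test)<2002><bbbb>: Disconnected: Logged out in=9, out=515, bytes=9/515
EOF
}

# Run against a real log when a path is given, e.g. ./script.sh /var/log/maillog
if [ "$#" -gt 0 ]; then
  tls_login_summary "$1"
fi
```

Any row ending in `NOTLS` identifies a user and client IP whose mail client settings should be checked.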