[Dovecot] disable_plaintext_auth, inetd, localhost, IPv6, and mapped addresses

Magnus Holmgren holmgren at lysator.liu.se
Tue Jan 25 19:37:23 EET 2005


Dovecot 0.99.13.

I've noticed that the condition

	client->secured = ssl ||
		(IPADDR_IS_V4(ip) && strncmp(addr, "127.", 4) == 0) ||
		(IPADDR_IS_V6(ip) && strcmp(addr, "::1") == 0);

(in (imap-login|pop3-login)/client.c) isn't enough, at least not when 
running from inetd. The thing is that you will come across 
::ffff:127.0.0.1, which is secure, but not covered by the above.

I thought I saw someting on this earlier, but in that case I cant't find 
it now.

Cheers,
Magnus Holmgren
holmgren at lysator.liu.se


More information about the dovecot mailing list