[Dovecot] disable_plaintext_auth, inetd, localhost, IPv6, and mapped addresses

Villalovos, John L john.l.villalovos at intel.com
Wed Jan 26 03:02:37 EET 2005


dovecot-bounces at dovecot.org wrote:
> Dovecot 0.99.13.
> 
> I've noticed that the condition
> 
> 	client->secured = ssl ||
> 		(IPADDR_IS_V4(ip) && strncmp(addr, "127.", 4) == 0) ||
> 		(IPADDR_IS_V6(ip) && strcmp(addr, "::1") == 0);
> 
> (in (imap-login|pop3-login)/client.c) isn't enough, at least not when
> running from inetd. The thing is that you will come across
>>> ffff:127.0.0.1, which is secure, but not covered by the above.
> 
> I thought I saw someting on this earlier, but in that case I
> cant't find
> it now.

Yes I mentioned something about it in a message titled, "RE: [Dovecot]
Plaintext Authentication from Localhost"

On 19-Jan-2005.

Seems to be a bug.  At least it didn't work quite right for me.

John


More information about the dovecot mailing list