[Dovecot] Authentication in outlook

Amon Ott ao at rsbac.org
Fri Nov 3 10:35:27 UTC 2006


On Freitag 03 November 2006 11:00, Gerard Seibert wrote:
> On Friday November 03, 2006 at 03:49:15 (AM) Amon Ott wrote:
> 
> > Unfortunately, Outlook makes trouble with self signed SSL certs: 
It 
> > requires to accept the certificate again after every restart, what 
is 
> > very annoying for the users and makes it hard to recognize forged 
> > certs. So you will have the choice to allow password sniffing, 
annoy 
> > your users, buy an official cert - or to get a decent mail client 
> > installed.
> 
> I would vote for the 'Official Cert' option. Seriously, unless you 
are
> running a home based operation, why would you not be employing a
> properly signed certificate. After all, if you are offering SSL on 
your
> mail server, you are going to need a signed certificate or else risk
> having problems with other servers that are going to flag your 
server
> form using self signed certificates.

I am only speaking about IMAP/POP3 servers here. What other server is 
supposed to access an IMAP or POP3 server? Sure an official cert is 
better, but it also costs extra money.

As long as an IMAP/POP3 server is only accessed from inside a company 
and not available from outside, self signed is fine for me. Most 
clients will only warn when the cert has changed. If the cert has 
been renewed after a year or such, people can still verify the 
signature from other sources, but not every day.

Amon.
-- 
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22


More information about the dovecot mailing list