[Dovecot] Authentication in outlook
Michael Surette
msurette at laframboise.net
Fri Nov 3 14:16:40 UTC 2006
On Friday 03 November 2006 05:00, Gerard Seibert wrote:
> On Friday November 03, 2006 at 03:49:15 (AM) Amon Ott wrote:
> > Unfortunately, Outlook makes trouble with self signed SSL certs: It
> > requires to accept the certificate again after every restart, what is
> > very annoying for the users and makes it hard to recognize forged
> > certs. So you will have the choice to allow password sniffing, annoy
> > your users, buy an official cert - or to get a decent mail client
> > installed.
>
> I would vote for the 'Official Cert' option. Seriously, unless you are
> running a home based operation, why would you not be employing a
> properly signed certificate. After all, if you are offering SSL on your
> mail server, you are going to need a signed certificate or else risk
> having problems with other servers that are going to flag your server
> form using self signed certificates.
If you're going to go the self-signed route, you may as well create your own
CA as I did. It's only a few more steps and then you can supply the CA's
certificate to the clients accessing your server for inclusion in
their "trusted root certificates". After all, I can trust my certificates
even more than I trust Verisign. The annoying messages then go away. After
all it's only your clients accessing your pop server, not the general public.
Not that I've ever had a problem with the smtp side with that setup.
> By the way, I think Outlook's alerting users of the use of self signed
> certificates is a good idea, although it should also have a mechanism in
> place to stop those warnings on a permanent basis. Then again, if they
> did, someone would complain about that. You cannot make everyone happy.
You mean like Thunderbird, as well as most non-Microsoft clients I've tried.
Most people I know are happy with that solution.
My 2c too.
Mike
More information about the dovecot
mailing list