[Dovecot] Authentication in outlook

Michael Surette msurette at laframboise.net
Fri Nov 3 14:16:40 UTC 2006


On Friday 03 November 2006 05:00, Gerard Seibert wrote:
> On Friday November 03, 2006 at 03:49:15 (AM) Amon Ott wrote:
> > Unfortunately, Outlook makes trouble with self signed SSL certs: It
> > requires to accept the certificate again after every restart, what is
> > very annoying for the users and makes it hard to recognize forged
> > certs. So you will have the choice to allow password sniffing, annoy
> > your users, buy an official cert - or to get a decent mail client
> > installed.
>
> I would vote for the 'Official Cert' option. Seriously, unless you are
> running a home based operation, why would you not be employing a
> properly signed certificate. After all, if you are offering SSL on your
> mail server, you are going to need a signed certificate or else risk
> having problems with other servers that are going to flag your server
> form using self signed certificates.

If you're going to go the self-signed route, you may as well create your own 
CA as I did.  It's only a few more steps and then you can supply the CA's 
certificate to the clients accessing your server for inclusion in 
their "trusted root certificates".  After all, I can trust my certificates 
even more than I trust Verisign.  The annoying messages then go away.  After 
all it's only your clients accessing your pop server, not the general public.  
Not that I've ever had a problem with the smtp side with that setup.

> By the way, I think Outlook's alerting users of the use of self signed
> certificates is a good idea, although it should also have a mechanism in
> place to stop those warnings on a permanent basis. Then again, if they
> did, someone would complain about that. You cannot make everyone happy.

You mean like Thunderbird, as well as most non-Microsoft clients I've tried.  
Most people I know are happy with that solution.

My 2c too.

Mike


More information about the dovecot mailing list