[Dovecot] Avelsieve 1.9.7 and Dovecot/TLS
Steffen Kaiser
skdovecot at smail.inf.fh-bonn-rhein-sieg.de
Wed Apr 30 15:10:30 EEST 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wed, 30 Apr 2008, Michael Firnau wrote:
Hello,
> With my limited time and debugging possibilities i've found that the
> dovecot managesieve server seems to send capability lines 'automagically'.
http://tools.ietf.org/html/draft-martin-managesieve-08#section-2.2
"After the TLS layer is established, the server MUST re-issue the
capability results, followed by an OK response. This is necessary to
protect against man-in-the-middle attacks which alter the
capabilities list prior to STARTTLS. This capability result MUST NOT
include the STARTTLS capability."
Bye,
- --
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFIGGG4VJMDrex4hCIRAs2hAJsHolfH3LE2R+4uMT5h+RHh+WBxNwCgyjcp
2fo/Z/tawNLqnwV2YvPU+kA=
=Os2c
-----END PGP SIGNATURE-----
More information about the dovecot
mailing list