[Dovecot] Enabling security on POP3 and IMAP

Richard Hobbs richard.hobbs at crl.toshiba.co.uk
Thu Sep 3 11:38:02 EEST 2009


Hello,

Currently, on our new test server, I am offering IMAP on 143 and POP3 on
110.

We would like to enable security on both of these protocols to attempt
to eliminate the risk from an internal
password-grabbing/content-grabbing attack.

I presume this would mean enabling SSL, and a more securure
authentication, right? Or are plain text passwords just sent over the
SSL, and therefore perfectly secure?

Also, what are the steps to enable security for these protocols on an
already-configured server?

Is it possible to offer encrypted and non-encrypted services
simultaneously, so people have a choice of whether they want security or
not? I know that's a bit weird, but for testing it would be useful.

Finally, is there a way to monitor which users are connecting over the
secure ports and which users are connecting over the non-secure ports?

Thanks in advance!

Richard.

-- 
Richard Hobbs (IT Specialist)
Toshiba Research Europe Ltd. - Cambridge Research Laboratory
Email: richard.hobbs at crl.toshiba.co.uk
Web: http://www.toshiba-europe.com/research/
Tel: +44 1223 436999        Mobile: +44 7811 803377
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3306 bytes
Desc: S/MIME Cryptographic Signature
Url : http://dovecot.org/pipermail/dovecot/attachments/20090903/dd15134b/attachment.bin 


More information about the dovecot mailing list