[Dovecot] Patch: support URLAUTH, BURL, CATENATE
Timo Sirainen
tss at iki.fi
Mon Apr 12 16:42:19 EEST 2010
On 12.4.2010, at 16.18, Mike Abbott wrote:
>> With v2.0 it's possible to do:
>>
>> disable_plaintext_auth = yes
>> remote submit.domain.org {
>> disable_plaintext_auth = no
>> }
>>
>> I think that takes care of the need for X-PLAIN-SUBMIT?
>
> Wouldn't that allow anyone from submit.domain.org to use plaintext, rather than only submit users? I know X-PLAIN-SUBMIT is not pretty and there should be a better way. Not sure that's quite it though.
Yes, it allows submit.domain.org to use plaintext for all authentications. But typically your submit server wouldn't be trying to authenticate as anything else as the submit user, I think? I don't really see why submit user should be treated in such a special way here. If you're allowing plaintext auth from submit user, you already pretty much assume that the communication link between imap and submit server is safe. Then it shouldn't matter if it's submit user or some other user that authenticates from there.
In v1.2 you could also do something similar to this by adding the submit server's IP to login_trusted_networks.
More information about the dovecot
mailing list