[Dovecot] Looking for a good way to manage passwords for CRAM-MD5
/dev/rob0
rob0 at gmx.co.uk
Tue May 14 20:39:34 EEST 2013
On Sun, May 12, 2013 at 05:40:10AM -0700, Professa Dementia wrote:
> On 5/12/2013 4:17 AM, Steinar Bang wrote:
> > I prefer not to use clear text passwords, even over an encrypted
> > connection.
>
> Why? Enforce the encrypted link by not allowing unencrypted
> connections. The simplest is iptables to block ports 110 and 143,
> while allowing 993 and 995.
I don't understand this advice. Why would someone who is apparently
interested in heightened transport security restrict himself to the
older generation SSL v.2, which was long ago superceded by TLS v.1?
http://en.wikipedia.org/wiki/Transport_Layer_Security#SSL_1.0.2C_2.0_and_3.0
http://wiki2.dovecot.org/SSL
Quoting from the latter page:
"Some admins want to require SSL/TLS, but don't realize that this is
also possible with STARTTLS (Dovecot has disable_plaintext_auth=yes
and ssl=required settings)."
--
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
More information about the dovecot
mailing list