[Dovecot] Detail improvement: %c variable

Reindl Harald h.reindl at thelounge.net
Sun Feb 23 22:37:55 UTC 2014


Am 23.02.2014 23:27, schrieb Hadmut Danisch:
> But if the web gateway and dovecot are no the /same/ machine, this does
> not work anymore, since %c becomes "secured" on localhost, even if
> unencrypted. It causes a lot of trouble and headache

what headache?

how do you imagine a man-in-the-middle-attack on 127.0.0.1

> Please add a configuration variable to configure, whether %c
> should become "secured" for unencrypted traffic on the loopback
> device (localhost)

to gain exactly what?

frankly for practical usage epect debugging even a fallback to
no encryption at all on loopback would be sane and for the
sake of reduce useless overhead fine

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 246 bytes
Desc: OpenPGP digital signature
URL: <http://dovecot.org/pipermail/dovecot/attachments/20140223/8cf67e37/attachment.sig>


More information about the dovecot mailing list