pop 110/995, imap 143/993 ?
Aki Tuomi
aki.tuomi at dovecot.fi
Tue Aug 22 09:24:35 EEST 2017
On 22.08.2017 03:56, Peter wrote:
>>> Lest anyone think STARTTLS MITM doesn't happen,
>>>
>>> https://threatpost.com/eff-calls-out-isps-modifying-starttls-encryption-commands/109325/3/
> Right, the attack does happen, but it can be prevented by properly
> configuring the server and client.
Dovecot, by default, requires STARTTLS before accepting plaintext
authentication when SSL is configured and you are not connecting from
localhost. You can verify this by telnetting to port 143 from somewhere
else (NOT LOCALHOST) and you can see it says LOGINDISABLED unless you
have enabled something like cram-md5.
I think postfix, by default, will also prevent authentication without
transport security.
Also, you should probably using 587/tcp (submission) for sending mail,
instead of 25. Some reputable ISPs prevent connecting to random MX
servers to port 25 to make life harder for spambots.
Aki
More information about the dovecot
mailing list