pop 110/995, imap 143/993 ?
Robert Wolf
r.wolf.conf at gmail.com
Tue Aug 22 11:07:49 EEST 2017
On Tue, 22 Aug 2017, Aki Tuomi wrote:
> else (NOT LOCALHOST) and you can see it says LOGINDISABLED unless you
> have enabled something like cram-md5.
Hi,
exactly, this is the reason, why plain-text is still needed. You don't need
encryption for authentication, if you have secure authentication. Without
knowing original password, the MITM cannot generate correct hash for login, so
the connection can be plain-text.
Of cource, if you then download your emails, the MITM can still read these
emails too, if these emails are plain-text (not encrypted using e.g. SMIME or
GPG). But he cannot misuse your login.
Regards,
Robert Wolf.
More information about the dovecot
mailing list