pop 110/995, imap 143/993 ?
Peter
peter at pajamian.dhs.org
Tue Aug 22 23:29:33 EEST 2017
On 22/08/17 20:07, Robert Wolf wrote:
> On Tue, 22 Aug 2017, Aki Tuomi wrote:
>
>> else (NOT LOCALHOST) and you can see it says LOGINDISABLED unless you
>> have enabled something like cram-md5.
>
> exactly, this is the reason, why plain-text is still needed. You don't need
> encryption for authentication, if you have secure authentication. Without
> knowing original password, the MITM cannot generate correct hash for login, so
> the connection can be plain-text.
In order to support non plain-text login types the passwords themselves
have to be stored in plain-text. If you use PLAIN but only allow
authentication over a secure channel then you get the best of both
worlds, you can store your passwords as a hash and they are not
transmitted as plain text over the internet.
Peter
More information about the dovecot
mailing list