Sv: 2FA/MFA with IMAP & postfix/submission

Benny Pedersen me at junc.eu
Thu Jul 15 15:41:24 EEST 2021


On 2021-07-15 07:26, Aki Tuomi wrote:
> Unfortunately the best way to do multifactor authentication today is
> to use OAUTH2, which isn't currently supported for own installations.
> Or you can use client certs.
> 
> If you want to use some kind of MFA with tokens, you end up having to
> feed your token all the time. So the best option, for now, is device
> passwords.

speculating :=)

weekforce policy server with 2fa, that just update allow_nets in dovecot 
user dict table, so all dovecot do is to check allow nets pr user from 
dict, i dont know if that is possible so imap / pop3 / lmtp and other 
service in dovecot dont need to mess with oauth2 or other complicated 
login system not supported everywhere

hope to see more stable security in dovecot with this, and certenly hope 
weekforce is not the only opensoure solution that is half dokumented :/

currently i just use ip2location in shorewall with asn numbers where i 
have known custommers, i got tired of blacklist random ips, bad idea 
hackers just could use another ip for free

no more fails here, it just remain to update microsoft servers with use 
port 465, 587, 993 without know passwords, who did dokument that ports 
is password less, shame on them




More information about the dovecot mailing list