Sv: 2FA/MFA with IMAP & postfix/submission
Alex
mysqlstudent at gmail.com
Thu Jul 15 17:52:34 EEST 2021
Hi,
> Unfortunately the best way to do multifactor authentication today is to use OAUTH2, which isn't currently supported for own installations. Or you can use client certs.
>
> If you want to use some kind of MFA with tokens, you end up having to feed your token all the time. So the best option, for now, is device passwords.
Client certs appears to be a good solution.
What's the process for managing them with more than a hundred client accounts?
I believe the problem they are trying to solve is hacked accounts from
compromised passwords. Does client certs solve that problem?
Perhaps there are dovecot (and postfix submission) options to at least
restrict access by IP?
More information about the dovecot
mailing list