Strategies for protecting IMAP (e.g. MFA)

William Edwards wedwards at cyberfusion.nl
Sun Nov 14 09:05:46 UTC 2021


> On 13 Nov 2021, at 22:17, Tyler Montney <montneytyler at gmail.com> wrote:
> 
> 
> With the world of ransomware as it is today (aka attacks seem more vicious and commonplace), anything I expose to WAN must have additional protection. I've seen a few posts to this list on it. The only thing that helped was that Dovecot supports OAuth. Through OAuth I figure I could implement MFA. However, I'd have to host my own identity server. From there, Thunderbird supports OAuth so that should work.
> 
> Since this is getting increasingly complicated, I wanted to ask before going further. What do you all do? Any recommendations?

If I remember correctly, Dovecot is able to do IP whitelisting in the userdb or passdb. That way, you don’t have to close your mail ports, but you can add an additional layer of protection with an IP whitelist per mailbox.
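Added example, not part of the original post: an audit of per-mailbox IP allowlists, assuming accounts live in a Dovecot passwd-file passdb and the allowlist is set with the `allow_nets` passdb extra field. The sample accounts are constructed, and `is_allowed` is a simplified model of the check for illustration, not Dovecot's own code.

```python
import ipaddress

# Constructed sample passwd-file: user:password:uid:gid:gecos:home:shell:extra_fields
SAMPLE_PASSWD_FILE = """\
# constructed sample accounts
alice:{PLAIN}placeholder::::::allow_nets=192.0.2.0/24,2001:db8::/32
bob:{PLAIN}placeholder::::::
carol:{PLAIN}placeholder::::::allow_nets=0.0.0.0/0 userdb_quota_rule=*:storage=1G
"""

def parse_accounts(text):
    """Map each user to a list of allowed networks, or None when allow_nets is unset."""
    accounts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # extra_fields is the 8th field; limiting the split keeps IPv6 colons intact.
        fields = line.split(":", 7)
        extra = fields[7] if len(fields) > 7 else ""
        nets = None
        for pair in extra.split():  # extra fields are space-separated key=value pairs
            key, _, value = pair.partition("=")
            if key == "allow_nets":
                nets = [ipaddress.ip_network(n, strict=False)
                        for n in value.split(",") if n]
        accounts[fields[0]] = nets
    return accounts

def audit(text):
    """Report mailboxes with no allowlist or one that matches every address."""
    findings = {}
    for user, nets in parse_accounts(text).items():
        if nets is None:
            findings[user] = "no allow_nets"
        elif any(n.prefixlen == 0 for n in nets):
            findings[user] = "allow_nets matches any address"
    return findings

def is_allowed(text, user, remote_ip):
    """Simplified model: an account without allow_nets is unrestricted."""
    nets = parse_accounts(text)[user]
    if nets is None:
        return True
    ip = ipaddress.ip_address(remote_ip)
    return any(ip in n for n in nets)  # version mismatch compares as False

if __name__ == "__main__":
    for user, problem in audit(SAMPLE_PASSWD_FILE).items():
        print(f"{user}: {problem}")
```
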

