3 Dec
2015
3 Dec
'15
3:46 a.m.
From /opt/src/dovecot-2.2.19/doc/wiki/PasswordDatabase.ExtraFields.Host.txt Login referrals are an IMAP extension specified by RFC 2221 [http://www.apps.ietf.org/rfc/rfc2221.html]. They're not supported by many clients, so you probably don't want to use them normally. Right. The following clients are known to support login referrals:
- Pine
- Outlook (but not Outlook Express) We use neither. Login referrals are used only if the proxy field isn't set. We want neither LOGIN-REFERRALS nor proxy.
Dovecot's configure includes the following by default:
capability_banner="IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE" If the extension is simply hidden from the banner, an attacker could still use the extension.
If one removes the string from the banner above, one merely hides the extension name in the banner, or also disables the extension's engine?