You don't say what sort of 2FA you're considering, but wouldn't you just tell Dovecot to use PAM, and then extend PAM to use a 2FA module. For example there's a Google Auth one available in the second link below.
https://doc.dovecot.org/configuration_manual/authentication/pam/ https://github.com/google/google-authenticator-libpam
P. (Not a dovecot expert, although I know a fair amount about Linux)
On 06/01/2020 19.58, Kees de Jong wrote:
My goal is to protect my mail account with 2FA, which isn't a crazy idea in 2020. Therefore, I would like to know the possibilities of configuring 2FA for Dovecot. In the documentation there are some hints of e.g. OTP in Dovecot [1] and using FreeIPA with Dovecot [2], where FreeIPA has the ability to enable OTP per user [3].
But I can't really find much practical information about such a setup. The documentation of Dovecot is quite silent about the OTP authentication mechanism and the same goes for the FreeIPA and Dovecot combination with OTP.
So my question is; is this even a supported setup? And if so, where is the documentation? And if not, what's the recommended method to secure your mail setup?