Hi all,
I'd like your opinions to add to my own opinion.
Bottom line question: If I trust everybody with physical access to my Daily Driver Desktop (DDD) computer, my Dovecot IMAP runs on my DDD, I access my Dovecot IMAP *exclusively* from my DDD, and I trust everybody with physical access to my DDD (that would be my wife), then if I serve out IMAP on localhost (127.0.0.1), am I being unduly risky using plain text auth (port 143)?
Details:
I use a Dovecot IMAP server, on my DDD, specifically to hold all my email messages. Therefore, I can use any IMAP aware email client, interchangeably, to view every email I've received since April 2001. People whose emails are held by their email clients are "locked in" to their email client unless they convert their email data. I can switch between Evolution and Claws-Mail, because one of the two is always doing something stupid. Bottom line: I use Dovecot IMAP exclusively to hold my emails and folders. Graphical description below:
ISP ---> My --------> procmail --> Dovecot IMAP fetchmail Maildir | | V email <--- Dovecot client IMAP server
For the time being, I don't need to access my Dovecot IMAP from any computer except my DDD, and therefore, I can serve Dovecot IMAP on 127.0.0.1.
So here's my question. Assuming (and I know this is a big assumption) I'm not worried about somebody gaining physical possession of my DDD, is there any reason not to use plain text to access this server?
Thanks,
SteveT
Steve Litt http://444domains.com