24 Feb
2014
24 Feb
'14
5:41 p.m.
On 24/02/2014 15:19, Hadmut Danisch wrote:
As far as I can see dovecot does not consider 127.0.0.1 as "secured" for any good reason, just to make debugging in plaintext easier. This is a severe security gap. Hadmut You could choose not to use localhost IP, but bind to the actual local IP of the host, even though it is on the local machine?
Is it only attaching to the 127.0.0.1 because you're binding to it by hostname as opposed to IP?
Just a thought...
-- Regards,
Giles Coochey, CCNP, CCNA, CCNAS NetSecSpec Ltd +44 (0) 8444 780677 +44 (0) 7983 877438 http://www.coochey.net http://www.netsecspec.co.uk giles@coochey.net