On Wednesday, April 23, 2014 10:50:37 AM CEST, Dan Pollock wrote:
On Apr 23, 2014, at 1:38 AM, Benjamin Podszun dar@darklajid.de wrote:
On Tuesday, April 22, 2014 3:31:47 PM CEST, Urban Loesch wrote: ...
I would like to move everyone onto more modern mail programs, but at the moment I have a couple of them that are stuck using very old software installed for them on work computers. The rest of my clients can connect on ports 993 and 995 without it being a problem.
What's wrong with starttls? How are the ports relevant? Do you happen to know what the problem is? Total lack of TLS support (I .. cannot quite believe that) or is it a problem with key sizes/ciphers or whatever, i.e. with your configuration vs. the legacy apps?
It's far from a perfect setup.
This is quite easy to set up on Courier-imap, but for a number of reasons I would much rather be using Dovecot. (In courier-imap, you can configure different password databases independently for each of pop3, imap, pop3-ssl and imap-ssl.)
Which is really not that helpful, I think. Joe random system user can still set up his mail client to point to mail.yourdomain.tld and try to log in unencrypted. You'll only deny him afterwards (even with a different password DB), after the password was transmitted over unencrypted wifi in his local StarBucks™ or equivalent. Or what am I missing here? All system users are too clever for that? In that case they can already use the ports listed above (or set their mail client to require starttls on 143/110). If they're not that security conscious, what protects them from the scenario above?
Given that Dovecot features seem to be a superset of those from Courier-imap so far, I was hoping this configuration option would exist there as well.
See above: What would you gain? Would that actually help you? In the end it's your setup and I don't want to come across and say "You're doing it wrong" here, but so far it's hard to see what you're trying to achieve with that .. feature?
Regards, Ben
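
Added example, not part of the original thread: a small audit of what a server advertises on the cleartext ports (143/110) before STARTTLS/STLS, following the capability semantics of RFC 3501, RFC 2449 and RFC 2595. The function names and sample responses are constructed for illustration; a clean result only shows that well-behaved clients are steered away from sending the password unencrypted.

```python
import re

PLAINTEXT_SASL = {"PLAIN", "LOGIN"}  # SASL mechanisms that send the password itself

def audit_imap(line):
    """Findings for an IMAP greeting/CAPABILITY line seen before STARTTLS (RFC 3501)."""
    m = re.search(r"CAPABILITY\s+([^\]\r\n]*)", line, re.IGNORECASE)
    if not m:
        raise ValueError("no CAPABILITY data in line")
    caps = {c.upper() for c in m.group(1).split()}
    findings = []
    if "STARTTLS" not in caps:
        findings.append("no STARTTLS offered")
    if "LOGINDISABLED" not in caps:
        findings.append("LOGIN accepted without TLS")
    sasl = sorted(c[5:] for c in caps if c.startswith("AUTH=") and c[5:] in PLAINTEXT_SASL)
    if sasl:
        findings.append("plaintext SASL without TLS: " + ",".join(sasl))
    return findings

def audit_pop3(capa_lines):
    """Findings for a POP3 CAPA listing seen before STLS (RFC 2449, RFC 2595)."""
    caps = {}
    for raw in capa_lines:
        words = raw.strip().upper().split()
        if words and words[0] not in ("+OK", "."):
            caps[words[0]] = words[1:]
    findings = []
    if "STLS" not in caps:
        findings.append("no STLS offered")
    if "USER" in caps:
        findings.append("USER/PASS accepted without TLS")
    sasl = sorted(set(caps.get("SASL", [])) & PLAINTEXT_SASL)
    if sasl:
        findings.append("plaintext SASL without TLS: " + ",".join(sasl))
    return findings

# Constructed sample responses (not captured from any real server).
HARDENED_IMAP = "* OK [CAPABILITY IMAP4rev1 SASL-IR IDLE STARTTLS LOGINDISABLED] ready"
LEGACY_IMAP = "* CAPABILITY IMAP4rev1 IDLE AUTH=PLAIN AUTH=LOGIN"
LEGACY_POP3 = ["+OK", "TOP", "UIDL", "USER", "SASL PLAIN LOGIN", "."]

if __name__ == "__main__":
    for name, result in [("hardened imap", audit_imap(HARDENED_IMAP)),
                         ("legacy imap", audit_imap(LEGACY_IMAP)),
                         ("legacy pop3", audit_pop3(LEGACY_POP3))]:
        print(name, "->", result or "ok")
```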