26 Jan
2005
26 Jan
'05
3:02 a.m.
dovecot-bounces@dovecot.org wrote:
Dovecot 0.99.13.
I've noticed that the condition
client->secured = ssl || (IPADDR_IS_V4(ip) && strncmp(addr, "127.", 4) == 0) || (IPADDR_IS_V6(ip) && strcmp(addr, "::1") == 0);
(in (imap-login|pop3-login)/client.c) isn't enough, at least not when running from inetd. The thing is that you will come across
ffff:127.0.0.1, which is secure, but not covered by the above.
I thought I saw someting on this earlier, but in that case I cant't find it now.
Yes I mentioned something about it in a message titled, "RE: [Dovecot] Plaintext Authentication from Localhost"
On 19-Jan-2005.
Seems to be a bug. At least it didn't work quite right for me.
John