On Wednesday, April 23, 2014 10:57:23 AM CEST, Urban Loesch wrote:
Am 23.04.2014 10:38, schrieb Benjamin Podszun:
On Tuesday, April 22, 2014 3:31:47 PM CEST, Urban Loesch wrote: ...
Yes that is correct and I knew that when I configured the setup. But I can't manipulate the clients.
If that is correct every user might send their credentials over unsecured connections?
Yes, that is a disadvantage. As I just said, I can't change that.
In my opinion this doesn't help. Clients cannot know in advance that they shouldn't try to login.
I guess I'd either
- drop the requirement (best option, hit the users that don't support TLS or offer them help to upgrade/fix their setup)
Can you help me to upgrade/fix 40k users, which have no idea how to change the settings of a mail client? Send me your phonenumber and I will redirect all requests of that to you :-)
You will see very quickly that it's not practicable to force all users to use SSL at the same time. With this setup I can bring users step by step to use SSL.
I haven't defined an hourly rate so far, but I could think about something here.. ;-)
Really, my 'you' in most of the reply was about Dan's requirement/targeting the thread: He has system users, probably with shell access(?) and wants to protect those 'more' than virtual users, as far as I understood. I claim that his requirement is hard to implement/next to impossible.
You on the other hand .. have other issues. ;) Takeaway from my response to you, Urban, should've been: "I don't think your workaround helps with the original author's requirement", not "Fix your own setup!".
Ben