Honestly, I think that's too much work for almost no gain. Bots can do password guessing just as easily via IMAP or SMTP AUTH so there is little reason to think that trying to block POP3 access to them will do any extra good at all.
If you want to put rate limiting in place then that's all good but you'd best do it with all your entry points, not just POP3, and there's no practical reason to actually prevent a user from using POP3 if that's what they want (it limits features they have access to, nothing more).
Peter
On 2/03/22 1:23 pm, Sebastian Nielsen wrote:
However, you SHOULD IMHO lock the access so it has to be manually opened for each user that wants it. Another way is to do a PTR lookup on IP and [DROP] the packet if its not a google IP.
And then have a IP restriction on IMAP and also 587/SMTP Auth. This because there is bots out there that guess passwords and then send spam.
By locking access for POP3 by Google IP, you ensure it can only be used with the fetch feature of Gmail (which do have account-wise rate-limits to prevent password hacking). In this way, you increase security. Of course it must be combined with IP restrictions and firewalling for IMAP and Auth on 587 aswell.
-----Ursprungligt meddelande----- Från: dovecot-bounces@dovecot.org dovecot-bounces@dovecot.org För Harlan Stenn Skickat: den 2 mars 2022 01:15 Till: Peter peter@pajamian.dhs.org; dovecot@dovecot.org Ämne: Re: Does disabling POP3 just mean removing it from the protocols list?
The reason to support POP3 is that if you forward email to another account and that includes any spam, you are gonna get dinged. If folks want to read their email from gmail, they really need to suck that email over via POP to avoid this problem.
H
On 3/1/2022 3:13 PM, Peter wrote:
The only modern reason I can think of to continue to support POP3 is that gmail's email fetch feature only works over POP3, so if you want people to be able to import their email from your server to gmail or google workspace then you should probably continue to support POP3.
Peter
On 2/03/22 10:54 am, Sean McBride wrote:
Hi all,
Hopefully a simple question. If I want to disable POP3 support (because everyone is using IMAP anyway), it is just a matter of removing |pop3| from the |protocols| setting in dovecot.conf?
Are there side effects or other considerations I should be aware of?
Thanks,
Sean