-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Mon, 24 Feb 2014, Andreas Schulze wrote:
Hadmut Danisch:
I did not say that I did not trust 127.0.0.1. I said that I do not trust the Web-IMAP-Gateway (such as squirrelmail) if the client uses an untrusted computer.
the question to me is: why could Hadmut Danisch not configure dovecot use an non default trust state for localhost for whatever reasons?
because this setting is hardcoded but should be configurable for him.
Probably if one goes to implement such option, it would be also a good thing to let this be configurable using "local" blocks. I mean, in order to enable/disable the implicit trust per IP address. That way one could point one service, such as the web frontend, on an IP adsress, that defaults to "not secured", but have others that default to "secured".
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQEVAwUBUwxN+XD1/YhP6VMHAQL7XQgA0mEj0UShy+yUdlLVXNCeH/fD9Qy8ZPAB bkyIsUeWc5lDGwrj5Dgz6c06cLo5YHh67hNzmINiYoY5FwAu2iDuwC7ASq1U2n+3 ZPy/eo4+p3SA9vRVIWOv4PK9Sy7zpm0kypkmCzzrUKXt7WdE275P+dGyF5dvwKjS dGJGhcfWG920YJ4/BbnjyonE3SbduCSylvmu/3e4B6KNkRHAsOLClcVI+Xrcb3CU Q5pdnjZWJ0FIKPIu2D4GvbD0Bsyml/JnYEeZfHdZ88rItNWOCpDuO3KmkjBvaCMx MdXLRjxP/EnhkzRikHUC9uHUlhjsk9mLQLJm8/a+PFprFZ4cIv3e6Q== =c9Qh -----END PGP SIGNATURE-----