26 May
2020
26 May
'20
10:21 a.m.
Hi,
On 25/05/2020 23:04, Voytek wrote:
jumping here with a question, if I use 143 with STARTTLS, and, force TLS/SSL in configuration, that's equivalent from security POV, isn't it? and, same for 110 STARTTLS? Or am I missing something? Interesting point, after some googling, I think you are right, and as long as we have set "disable_plaintext_auth = yes" (and we have that) we should be fine keeping 143 open. Right?
One doubt I had: "disable_plaintext_auth = yes" sounds as if only the authentication part is secured, and the rest is kept plain text, whereas with 993/SSL, *everything* would be encrypted?
Or am I missing something? (then perhaps someone can point it out?)
Thanks, MJ