On Monday 08 May 2006 15:02, Les Mikesell wrote:
On Mon, 2006-05-08 at 02:51, Rainer Frey wrote:
Additionally, we now want to allow encrypted IMAP from the internet (for some defined accounts), preferably with TLS (which means I open Port 143 in our firewall).
Keep in mind that you can't keep the users from sending plain text passwords. All you can do on the server side is make it not work when they do - but that doesn't mean they'll stop doing it. You might be better off using imaps on port 993.
Phew - good point. I just checked with a test installation and KMail an Thunderbird. KMAil and Thunderbird 1.0.8 both ask for CAPABILITY, Dovecot sends (among others) LOGINDISABLED, and both send a login command with cleartext password nontheless. Thunderbird 1.5 does not try this, it sends logout after it retrieves the LOGINDISABLED capability.
Well, I guess I'll open Port 993 only then.
Rainer
Software Development
Inxmail GmbH Kaiser-Joseph-Str. 274, 79098 Freiburg, Germany