16 Jun
2015
16 Jun
'15
2:29 a.m.
On Mon, 15 Jun 2015 20:26:28 +0200, I wrote:
Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'.
- OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot ready. a login <my-username> <my-password> a OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SPECIAL-USE] Logged in a logout
- BYE Logging out a OK Logout completed. Connection closed by foreign host.
Then Alex wrote:
It looks like you don't enforce SSL/TLS. If you don't have any clients which are many years old you should do that. But of course it'S your own decision if you want your users passwords (and everything else) sent to your server in clear text over the wire
Not sure about the age of my clients' mail programs, but I have ssl=required in 10-ssl.conf. Need more to lock it down?