2FA for Dovecot

6 Jan 2020


      Hi,
My goal is to protect my mail account with 2FA, which isn't a crazy
idea in 2020. Therefore, I would like to know the possibilities of
configuring 2FA for Dovecot. In the documentation there are some hints
of e.g. OTP in Dovecot [1] and using FreeIPA with Dovecot [2], where
FreeIPA has the ability to enable OTP per user [3].
But I can't really find much practical information about such a setup.
The documentation of Dovecot is quite silent about the OTP
authentication mechanism and the same goes for the FreeIPA and Dovecot
combination with OTP.
So my question is; is this even a supported setup? And if so, where is
the documentation? And if not, what's the recommended method to secure
your mail setup?
I can imagine alternative solutions like putting the submission and
IMAP port behind a VPN and have all the clients use that VPN. And for
the public internet, simply use a web interface (e.g. Nextcloud with
Rainloop) which supports 2FA. But I prefer having OTP for e.g. Android
and Linux clients.
[1]
https://doc.dovecot.org/configuration_manual/authentication/authentication_m...
[2] https://www.freeipa.org/page/Dovecot_Integration
[3]
https://www.freeipa.org/page/Using_FreeIPA_and_FreeRadius_as_a_RADIUS_based_...
--
Met vriendelijke groet,
Kees de Jong
De informatie opgenomen in deze e-mail kan vertrouwelijk zijn en is
uitsluitend bestemd voor de geadresseerde(n). Indien u deze e-mail
onterecht ontvangt, wordt u verzocht de inhoud niet te gebruiken en de
afzender direct te informeren door de e-mail te retourneren. Aan deze
e-mail inclusief de bijlagen kunnen geen rechten ontleend worden,
tenzij schriftelijk anders wordt overeengekomen.
The information contained in this e-mail may be confidential and is
intended to be exclusively for the addressee(s). Should you receive
this e-mail unintentionally, please do not use the contents herein and
notify the sender immediately by return e-mail. This e-mail including
the attachments are not legally binding, unless otherwise agreed upon
in writing.
OpenPGP fingerprint: 0x0E45C98AB51428E6