On 02/05/2007 12:13, Eric wrote:
Dear Dovecot experts, I have a small home server debian based, with postfix/dovecot/squirrelmail installed locally and working. Dovecot is used non-secured (no imaps) but only on the 192.168.0.100 address (address of the server on the local network). I want to use squirrelmail to read my email from outside. Squirrelmail can configured to access it in particular, either through cram-md5 or login auths. In that situation, is it better (I mean more secure) to use : 1) auth mechanim = cram-md5 or 2) auth mechanism = plain (using PAM authentication for dovecot) ? That will determine my dovecot configuration.
What Squirrelmail can do doesn't matter, you need to get your web server using SSL, so your password is encrypted going over the 'net to get to your home server. Then you may as well use 2.
Cheers,
John.