Does disabling POP3 just mean removing it from the `protocols` list?
Hi all,
Hopefully a simple question. If I want to disable POP3 support (because
everyone is using IMAP anyway), it is just a matter of removing pop3
from the protocols
setting in dovecot.conf?
Are there side effects or other considerations I should be aware of?
Thanks,
Sean
The only modern reason I can think of to continue to support POP3 is that gmail's email fetch feature only works over POP3, so if you want people to be able to import their email from your server to gmail or google workspace then you should probably continue to support POP3.
Peter
On 2/03/22 10:54 am, Sean McBride wrote:
Hi all,
Hopefully a simple question. If I want to disable POP3 support (because everyone is using IMAP anyway), it is just a matter of removing |pop3| from the |protocols| setting in dovecot.conf?
Are there side effects or other considerations I should be aware of?
Thanks,
Sean
The reason to support POP3 is that if you forward email to another account and that includes any spam, you are gonna get dinged. If folks want to read their email from gmail, they really need to suck that email over via POP to avoid this problem.
H
On 3/1/2022 3:13 PM, Peter wrote:
The only modern reason I can think of to continue to support POP3 is that gmail's email fetch feature only works over POP3, so if you want people to be able to import their email from your server to gmail or google workspace then you should probably continue to support POP3.
Peter
On 2/03/22 10:54 am, Sean McBride wrote:
Hi all,
Hopefully a simple question. If I want to disable POP3 support (because everyone is using IMAP anyway), it is just a matter of removing |pop3| from the |protocols| setting in dovecot.conf?
Are there side effects or other considerations I should be aware of?
Thanks,
Sean
However, you SHOULD IMHO lock the access so it has to be manually opened for each user that wants it. Another way is to do a PTR lookup on IP and [DROP] the packet if its not a google IP.
And then have a IP restriction on IMAP and also 587/SMTP Auth. This because there is bots out there that guess passwords and then send spam.
By locking access for POP3 by Google IP, you ensure it can only be used with the fetch feature of Gmail (which do have account-wise rate-limits to prevent password hacking). In this way, you increase security. Of course it must be combined with IP restrictions and firewalling for IMAP and Auth on 587 aswell.
-----Ursprungligt meddelande----- Från: dovecot-bounces@dovecot.org <dovecot-bounces@dovecot.org> För Harlan Stenn Skickat: den 2 mars 2022 01:15 Till: Peter <peter@pajamian.dhs.org>; dovecot@dovecot.org Ämne: Re: Does disabling POP3 just mean removing it from the protocols list?
The reason to support POP3 is that if you forward email to another account and that includes any spam, you are gonna get dinged. If folks want to read their email from gmail, they really need to suck that email over via POP to avoid this problem.
H
On 3/1/2022 3:13 PM, Peter wrote:
The only modern reason I can think of to continue to support POP3 is that gmail's email fetch feature only works over POP3, so if you want people to be able to import their email from your server to gmail or google workspace then you should probably continue to support POP3.
Peter
On 2/03/22 10:54 am, Sean McBride wrote:
Hi all,
Hopefully a simple question. If I want to disable POP3 support (because everyone is using IMAP anyway), it is just a matter of removing |pop3| from the |protocols| setting in dovecot.conf?
Are there side effects or other considerations I should be aware of?
Thanks,
Sean
Honestly, I think that's too much work for almost no gain. Bots can do password guessing just as easily via IMAP or SMTP AUTH so there is little reason to think that trying to block POP3 access to them will do any extra good at all.
If you want to put rate limiting in place then that's all good but you'd best do it with all your entry points, not just POP3, and there's no practical reason to actually prevent a user from using POP3 if that's what they want (it limits features they have access to, nothing more).
Peter
On 2/03/22 1:23 pm, Sebastian Nielsen wrote:
However, you SHOULD IMHO lock the access so it has to be manually opened for each user that wants it. Another way is to do a PTR lookup on IP and [DROP] the packet if its not a google IP.
And then have a IP restriction on IMAP and also 587/SMTP Auth. This because there is bots out there that guess passwords and then send spam.
By locking access for POP3 by Google IP, you ensure it can only be used with the fetch feature of Gmail (which do have account-wise rate-limits to prevent password hacking). In this way, you increase security. Of course it must be combined with IP restrictions and firewalling for IMAP and Auth on 587 aswell.
-----Ursprungligt meddelande----- Från: dovecot-bounces@dovecot.org <dovecot-bounces@dovecot.org> För Harlan Stenn Skickat: den 2 mars 2022 01:15 Till: Peter <peter@pajamian.dhs.org>; dovecot@dovecot.org Ämne: Re: Does disabling POP3 just mean removing it from the protocols list?
The reason to support POP3 is that if you forward email to another account and that includes any spam, you are gonna get dinged. If folks want to read their email from gmail, they really need to suck that email over via POP to avoid this problem.
H
On 3/1/2022 3:13 PM, Peter wrote:
The only modern reason I can think of to continue to support POP3 is that gmail's email fetch feature only works over POP3, so if you want people to be able to import their email from your server to gmail or google workspace then you should probably continue to support POP3.
Peter
On 2/03/22 10:54 am, Sean McBride wrote:
Hi all,
Hopefully a simple question. If I want to disable POP3 support (because everyone is using IMAP anyway), it is just a matter of removing |pop3| from the |protocols| setting in dovecot.conf?
Are there side effects or other considerations I should be aware of?
Thanks,
Sean
On 2022-03-01 4:23 p.m., Sebastian Nielsen wrote:
By locking access for POP3 by Google IP, you ensure it can only be used with the fetch feature of Gmail (which do have account-wise rate-limits to prevent password hacking). In this way, you increase security. Of course it must be combined with IP restrictions and firewalling for IMAP and Auth on 587 aswell.
No one commented, that ONLY POP3/SSL should be allowed, otherwise Gmail (or any other similar service) could simply expose the passwords over the clear, allowing those credentials to be sniffed.
-- "Catch the Magic of Linux..."
Michael Peddemors, President/CEO LinuxMagic Inc. Visit us at http://www.linuxmagic.com @linuxmagic A Wizard IT Company - For More Info http://www.wizard.ca "LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
604-682-0300 Beautiful British Columbia, Canada
This email and any electronic data contained are confidential and intended solely for the use of the individual or entity to which they are addressed. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company.
Thanks all for your replies.
I have no need/desire to support anything google-related, so those concerns don't apply, but thanks for pointing them out.
So is it just a matter of removing pop3
from that list in the config
file?
Thanks,
Sean
On 2022-03-02 02:53, Sean McBride wrote:
Thanks all for your replies.
I have no need/desire to support anything google-related, so those concerns don't apply, but thanks for pointing them out.
So is it just a matter of removing pop3 from that list in the config file?
leave out pop3, pop3s out in protocols should be fine, if not add port = 0 to service section
On 02/03/2022 07:54 Benny Pedersen <me@junc.eu> wrote:
On 2022-03-02 02:53, Sean McBride wrote:
Thanks all for your replies.
I have no need/desire to support anything google-related, so those concerns don't apply, but thanks for pointing them out.
So is it just a matter of removing pop3 from that list in the config file?
leave out pop3, pop3s out in protocols should be fine, if not add port = 0 to service section
There is only pop3. Pop3s has been removed many moons ago.
Aki
On 2022-03-02 01:14, Harlan Stenn wrote:
The reason to support POP3 is that if you forward email to another account and that includes any spam, you are gonna get dinged. If folks want to read their email from gmail, they really need to suck that email over via POP to avoid this problem.
and roundcube does not support pop3, make another reason to support pop3 then
gmail can pr user open pop3, imap, so roundcube can be used with gmail, lol
waste of resources
participants (7)
-
Aki Tuomi
-
Benny Pedersen
-
Harlan Stenn
-
Michael Peddemors
-
Peter
-
Sean McBride
-
Sebastian Nielsen