[Dovecot] disable_plaintext_auth, inetd, localhost, IPv6, and mapped addresses
Villalovos, John L
john.l.villalovos at intel.com
Wed Jan 26 03:02:37 EET 2005
dovecot-bounces at dovecot.org wrote:
> Dovecot 0.99.13.
>
> I've noticed that the condition
>
> client->secured = ssl ||
> (IPADDR_IS_V4(ip) && strncmp(addr, "127.", 4) == 0) ||
> (IPADDR_IS_V6(ip) && strcmp(addr, "::1") == 0);
>
> (in (imap-login|pop3-login)/client.c) isn't enough, at least not when
> running from inetd. The thing is that you will come across
>>> ffff:127.0.0.1, which is secure, but not covered by the above.
>
> I thought I saw someting on this earlier, but in that case I
> cant't find
> it now.
Yes I mentioned something about it in a message titled, "RE: [Dovecot]
Plaintext Authentication from Localhost"
On 19-Jan-2005.
Seems to be a bug. At least it didn't work quite right for me.
John
More information about the dovecot
mailing list