[Dovecot] Encrypted IMAP only from Internet,
unencrypted POP3 from internal network
Rainer Frey
rfy at inxmail.de
Mon May 8 17:34:09 EEST 2006
On Monday 08 May 2006 15:02, Les Mikesell wrote:
> On Mon, 2006-05-08 at 02:51, Rainer Frey wrote:
> > Additionally, we now want to allow encrypted IMAP from the internet
> > (for some defined accounts), preferably with TLS (which means I
> > open Port 143 in our firewall).
>
> Keep in mind that you can't keep the users from sending plain
> text passwords. All you can do on the server side is make it
> not work when they do - but that doesn't mean they'll stop
> doing it. You might be better off using imaps on port 993.
Phew - good point. I just checked with a test installation and KMail an
Thunderbird. KMAil and Thunderbird 1.0.8 both ask for CAPABILITY,
Dovecot sends (among others) LOGINDISABLED, and both send a login
command with cleartext password nontheless.
Thunderbird 1.5 does not try this, it sends logout after it retrieves
the LOGINDISABLED capability.
Well, I guess I'll open Port 993 only then.
Rainer
--
Software Development
------------------------------------------------------
Inxmail GmbH
Kaiser-Joseph-Str. 274, 79098 Freiburg, Germany
More information about the dovecot
mailing list