[Dovecot] Best authentication option

John Robinson john.robinson at anonymous.org.uk
Wed May 2 14:42:08 EEST 2007

On 02/05/2007 12:13, Eric wrote:
> Dear Dovecot experts,
> I have a small home server debian based, with postfix/dovecot/squirrelmail
> installed locally and working. Dovecot is used non-secured (no imaps) but
> only on the address (address of the server on the local
> network). I want to use squirrelmail to read my email from outside.
> Squirrelmail can configured to access it in particular, either through
> cram-md5 or login auths.
> In that situation, is it better (I mean more secure) to use : 1) auth
> mechanim = cram-md5 or 2) auth mechanism = plain (using PAM authentication
> for dovecot) ? That will determine my dovecot configuration.

What Squirrelmail can do doesn't matter, you need to get your web server 
using SSL, so your password is encrypted going over the 'net to get to 
your home server. Then you may as well use 2.



More information about the dovecot mailing list