[Dovecot] Enabling security on POP3 and IMAP
Patrick Nagel
patrick.nagel at star-group.net
Thu Sep 3 12:04:08 EEST 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Richard,
On 2009-09-03 16:38, Richard Hobbs wrote:
> Currently, on our new test server, I am offering IMAP on 143 and POP3 on
> 110.
>
> We would like to enable security on both of these protocols to attempt
> to eliminate the risk from an internal
> password-grabbing/content-grabbing attack.
>
> I presume this would mean enabling SSL, and a more securure
> authentication, right? Or are plain text passwords just sent over the
> SSL, and therefore perfectly secure?
Yes, plain text passwords are fine with SSL/TLS, since the connection gets
secured before the password is sent.
> Also, what are the steps to enable security for these protocols on an
> already-configured server?
>
> Is it possible to offer encrypted and non-encrypted services
> simultaneously, so people have a choice of whether they want security or
> not? I know that's a bit weird, but for testing it would be useful.
No problem. Basically you just need to specify the certificate (ssl_cert_file)
and the key (ssl_key_file) in the config, and add 'imaps' and 'pop3s' to
'protocols'.
> Finally, is there a way to monitor which users are connecting over the
> secure ports and which users are connecting over the non-secure ports?
You can see it in the log.
Patrick.
- --
STAR Software (Shanghai) Co., Ltd. http://www.star-group.net/
Phone: +86 (21) 3462 7688 x 826 Fax: +86 (21) 3462 7779
PGP key: E883A005 https://stshacom1.star-china.net/keys/patrick_nagel.asc
Fingerprint: E09A D65E 855F B334 E5C3 5386 EF23 20FC E883 A005
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkqfhoIACgkQ7yMg/OiDoAWzuQCfSpkZn7AXpsSbh3dVLPtsYQBr
PL0An22lbqUY/MCGca8Q+RXOhojvfcf9
=wKmX
-----END PGP SIGNATURE-----
More information about the dovecot
mailing list