[Dovecot] Allowing non-SSL connections only for certain Password Databases
Benjamin Podszun
dar at darklajid.de
Wed Apr 23 09:02:45 UTC 2014
On Wednesday, April 23, 2014 10:57:23 AM CEST, Urban Loesch wrote:
>
> On 23.04.2014 10:38, Benjamin Podszun wrote:
>> On Tuesday, April 22, 2014 3:31:47 PM CEST, Urban Loesch wrote:
> ...
>
> Yes that is correct and I knew that when I configured the
> setup. But I can't manipulate the clients.
>
>>
>> If that is correct every user might send their credentials over
>> unsecured connections?
>
> Yes, that is a disadvantage. As I just said, I can't change that.
>
>>
>> In my opinion this doesn't help. Clients cannot know in advance that
>> they shouldn't try to login.
>>
>> I guess I'd either
>>
>> - drop the requirement (best option, hit the users that don't support
>> TLS or offer them help to upgrade/fix their setup)
>
> Can you help me to upgrade/fix 40k users, which have no idea
> how to change the settings of a mail client? Send me your
> phone number and I will redirect all requests of that to you :-)
>
> You will see very quickly that it's not practicable to force
> all users to use SSL at the same time. With this setup I can
> bring users step by step to use SSL.

I haven't defined an hourly rate so far, but I could think about something
here.. ;-)

Really, my 'you' in most of the reply was about Dan's requirement/targeting
the thread: He has system users, probably with shell access(?) and wants to
protect those 'more' than virtual users, as far as I understood. I claim
that his requirement is hard to implement/next to impossible.

You on the other hand .. have other issues. ;)

Takeaway from my response to you, Urban, should've been: "I don't think
your workaround helps with the original author's requirement", not "Fix
your own setup!".

Ben