[Dovecot] Allowing non-SSL connections only for certain Password Databases

Joseph Tam jtam.home at gmail.com
Wed Apr 23 21:51:44 UTC 2014


Dan Pollock <pollock at theorem.ca> writes:

> I would like to move everyone onto more modern mail programs, but at the
> moment I have a couple of them that are stuck using very old software
> installed for them on work computers. The rest of my clients can connect
> on ports 993 and 995 without it being a problem.

You know best whether you want to take the risk of compromising passwords
on your system (including compromised accounts used for spamming and
blowing your mail reputation to smithereens), but I don't know whether
your customers do.  They may think they are only risking their Email,
but it can be leveraged to also gain access to other authentication
systems, e.g. the "Forgot password" feature.

You can suggest the installation of an SSL proxy for those holdouts that
won't switch mail readers (stunnel even has support down to Win98).

 	https://www.stunnel.org/ports.html

These days, cleartext passwords over the network are just begging to
be compromised.

Joseph Tam <jtam.home at gmail.com>
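
The SSL proxy suggested in the message above, sketched as a stunnel client configuration. This is an added example, not part of the original post; `mail.example.com` and the CA file path are placeholders, and the option names are those of stunnel 5.x (older builds use the numeric `verify` levels instead).

```ini
; stunnel.conf on the legacy workstation (constructed example).
; The old mail program talks plaintext to 127.0.0.1 only; stunnel
; carries the session to the server's TLS ports 993 and 995.

[imap-wrap]
; act as a TLS client towards the mail server
client = yes
; listen on loopback only, so the cleartext login never leaves the host
accept = 127.0.0.1:143
connect = mail.example.com:993
; validate the server certificate chain and hostname; without these
; two checks the tunnel encrypts but does not authenticate the server
CAfile = C:\stunnel\ca-certs.pem
verifyChain = yes
checkHost = mail.example.com

[pop3-wrap]
client = yes
accept = 127.0.0.1:110
connect = mail.example.com:995
CAfile = C:\stunnel\ca-certs.pem
verifyChain = yes
checkHost = mail.example.com
```

The legacy mail reader is then configured with 127.0.0.1 as its IMAP or POP3 server and SSL disabled, while the server itself can keep refusing non-SSL logins from the network.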

