Conditional SASL authentication

Reindl Harald h.reindl at thelounge.net
Tue Feb 24 18:09:20 UTC 2015


Am 24.02.2015 um 19:04 schrieb Luciano Mannucci:
> On Tue, 24 Feb 2015 18:56:03 +0100
> Reindl Harald <h.reindl at thelounge.net> wrote:
>
>> * if you cahnge the pwd SASL auth is taken away
> True.
> But this way the user will be unable to read his/her mail, including
> my message saying "Hey, you've got a new virus!"

if the account is compromised the password *must be changed* and the 
user contacted on a different channel - otherwise you risk hijacking his 
other accounts connected to the mail-address and a ton of additional damage

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://dovecot.org/pipermail/dovecot/attachments/20150224/a81523b7/attachment.sig>


More information about the dovecot mailing list