why is dovecot "Allowing any password"

@lbutlr kremels at kreme.com
Thu Mar 22 10:52:50 EET 2018

On 2018-03-22 (02:48 MDT), "@lbutlr" <kremels at kreme.com> wrote:
> On 2018-03-22 (02:30 MDT), mj <lists at merit.unu.edu> wrote:
>> Yes, however, for SOGo with Native Outlook compatibility or SAML logon, the config is required.
>> (https://sogo.nu/files/docs/v2/SOGoNativeOutlookConfigurationGuide.html)
> I don't know what that is, but that is a terrible requirement that makes me very suspicious someone is being either lazy or intentionally breaking security for nefarious purposes. I'd walk away.

read more:

"For any other IMAP server, refer to the product’s documentation. If such capability is not offered, you can alternatively define the cleartext password for each user."


No. A thousand times no. This is… just no, this is inexcusable, irresponsible, and in any opinion should be criminal. No, I'm not joking.

A: You're wrong
Q: I've never found that to be true
A: Because it make following messages more difficult
Q: Why is top-posting evil?

More information about the dovecot mailing list