got a listener on 993

Ralph Seichter abbot at monksofcool.net
Wed Apr 15 01:51:09 EEST 2020


* Jean-Daniel:

> One rationale for this is to make sure broken clients don’t send clear
> text credentials on port 143, even if STARTTLS is required.

If clients are broken, they can send clear text credentials to any port
and a network sniffer could record the content. Heck, one can do stupid
things with "netcat" if one really wants to.

The decision to allow STARTTLS or not depends on the clients that need
to connect. As long as the protocol is followed, the difference in terms
of security is negligible.

-Ralph

