SV: Looking for a guide to collect all e-mail from the ISP mail server

lists lists at lazygranch.com
Wed Oct 28 01:13:04 EET 2020


I would have to also hack the email client since I don't enter my 20 character high entropy password when I send or retrieve email.

You really need an email standard to integrate TOTP. To be realistic, you need Gmail to use it. Whatever Gmail wants is essentially a defacto standard. I live in the real world, so whatever Google wants, I comply. 







  Original Message  


From: jtam.home at gmail.com
Sent: October 27, 2020 3:57 PM
To: dovecot at dovecot.org
Subject: Re: SV: Looking for a guide to collect all e-mail from the ISP mail server


On Tue, 27 Oct 2020, Sebastian Nielsen wrote:

> Kind of stupid that there doesn't exist some common standard for 2FA that
> works in email clients.

You can bodge it for HOTP/TOTP hardware token generators.  Dovecot allows
custom plugins to check passwords.  The plugin can take passwords of
the form {password}+{2fa-token}, then split each part to check against
authentication systems to check validity.

Joseph Tam <jtam.home at gmail.com>


More information about the dovecot mailing list