Sv: 2FA/MFA with IMAP & postfix/submission
Laura Smith
n5d9xq3ti233xiyif2vp at protonmail.ch
Thu Jul 15 17:56:45 EEST 2021
> Client certs appears to be a good solution.
>
> What's the process for managing them with more than a hundred client accounts?
If you've got the budget ... MDM.
If you don't, you can probably hack together some sort of self-service system.
>
> I believe the problem they are trying to solve is hacked accounts from
>
> compromised passwords. Does client certs solve that problem?
>
Well yes.
If you make client certs mandatory, unless the client can present a valid cert, the server will kill the connection before the client has a chance to try out a compromised password.
More information about the dovecot
mailing list