Strategies for protecting IMAP (e.g. MFA)

Lefteris Tsintjelis lefty at spes.gr
Sun Nov 14 15:55:58 UTC 2021


On 13/11/2021 23:16, Tyler Montney wrote:
> With the world of ransomware as it is today (aka attacks seem more 
> vicious and commonplace), anything I expose to WAN must have additional 
> protection. I've seen a few posts to this list on it. The only thing 
> that helped was that Dovecot supports OAuth. Through OAuth I figure I 
> could implement MFA. However, I'd have to host my own identity server. 
>  From there, Thunderbird supports OAuth so that should work.
> 
> Since this is getting increasingly complicated, I wanted to ask before 
> going further. What do you all do? Any recommendations?

May also consider black listing, or even better, white listing country 
IPs. A white list firewall, if you only have to deal with certain 
country for example, will also work extremely well and it is quite easy 
to maintain and update as well as simple and fast and very effective.

And if you need sporadically to use it outside your white listing, VPN 
works great.


More information about the dovecot mailing list