Dovecot mail-crypt webmail can't read encrypted messages
Serveria Support
support at serveria.com
Tue Oct 11 08:44:13 UTC 2022
Yes, there is a tiny problem letting the attacker change this value back
to yes and instantly get access to users' passwords in plain text. Apart
from that - no problems at all. :)
On 2022-10-11 12:15, Benny Pedersen wrote:
> Serveria Support skrev den 2022-10-11 10:37:
>> Thanks, but I suspect you've missed a part of this discussion
>
> if you set all to no, is there any problem to solve ?
>
> i am only human, not perfect
>
>>
>> On 2022-10-11 01:25, Benny Pedersen wrote:
>>> Serveria Support skrev den 2022-10-10 23:18:
>>>> Hi Benny,
>>>>
>>>> Sorry I must have missed your email. Here's the output of doveconf
>>>> -P
>>>> | grep auth:
>>>>
>>>> doveconf: Warning: NOTE: You can get a new clean config file with:
>>>> doveconf -Pn > dovecot-new.conf
>>>> doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:25:
>>>> 'imaps' protocol is no longer necessary, remove it
>>>
>>> remove imaps in protocol as it says
>>>
>>>> auth_debug = yes
>>>> auth_debug_passwords = yes
>>>> auth_verbose = yes
>>>> auth_verbose_passwords = yes
>>>
>>> change yes to no
>>>
>>> problem solved imho :)
More information about the dovecot
mailing list