<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><br class=""><div><blockquote type="cite" class=""><div class="">On Jul 12, 2018, at 9:23 PM, Gedalya <<a href="mailto:gedalya@gedalya.net" class="">gedalya@gedalya.net</a>> wrote:</div><br class="Apple-interchange-newline"><div class="">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" class="">
<div text="#000000" bgcolor="#FFFFFF" class="">
<div class="moz-cite-prefix">On 07/13/2018 08:45 AM, J Doe wrote:<br class="">
</div>
<blockquote type="cite" cite="mid:FA4D333E-5669-4F8D-848E-21ED68731B49@nativemethods.com" class="">
<pre wrap="" class="">I’m aware that this is because the code does not state to specify “TLS” for the dovecot/imap [<a class="moz-txt-link-abbreviated" href="mailto:user@example.com" moz-do-not-send="true">user@example.com</a> 1.2.3.4 IDLE] line of output, but I’m curious as to why that decision was made ?
</pre>
</blockquote>
<br class="">
TLS is done by the imap-login process. This process does all the
actual talking to the client. The imap process blindly trusts
whoever invoked it (imap-login), it doesn't authenticate the user
either. Timo didn't want any crypto or authentication code, or to
link against any such libraries in the imap process itself.<br class="">
<br class="">
Your imap-login process does show TLS and this can be logged in the
log file as well, see login_log_format_elements and the variables %c
and %k<br class="">
</div>
</div></blockquote><br class=""></div><div>Hi Gedalya,</div><div><br class=""></div><div>Ah, ok - that makes sense.</div><div><br class=""></div><div>Thanks also for pointing me to the login_log_format_elements parameter - I will read up on this.</div><div><br class=""></div><div>- J</div><br class=""></body></html>