[Dovecot] Ideas for Webmail/OTP

Charles Marcus CMarcus at Media-Brokers.com
Mon Jul 23 19:55:15 EEST 2007


On 7/23/2007, Frank Behrens (frank at pinky.sax.de) wrote:
> I want to discuss some problems/enhancements for dovecot in a 
> webmail/otp setup.
> 
> For access to an IMAP server like dovecot I see different client 
> types:
> a) a "normal" MUA installed in a more or less trusted environment
> b) remote access via "webmail" from untrusted environments

What about:
c) a "normal" MUA accessing via the internet from untrusted environments

This is the recommended way all of our users access their email - 
webmail is just for the occasional access from a friend's or other 
computer that they don't use regularly.

> For a) I see with dovecot and other IMAP servers no problems, tricky 
> is the setup for b).

Webmail is very easy to do...

> If you use a webmail client in an untrusted environment the risk is
> high, that keyloggers and other malware steal your password.

Eh? That's what SSL/TLS is for... I agree that providing access - either 
via webmail or any other MUA - on an unsecured connection from an 
untrusted source is very hazardous - but setting up SSL is fairly simple 
too, and I even force SSL/TLS on all of my connections even inside our 
trusted network (no reason not to - the extra overhead is very small).

Sorry, but I don't understand the problem you are trying to solve...

-- 

Best regards,

Charles

