[Dovecot] Enforcing TLS

Ed Schouten ed at 80386.nl
Tue Jan 6 17:49:24 EET 2009


* Timo Sirainen <tss at iki.fi> wrote:
> Have you enabled non-plaintext authentication? If not, then
> disable_plaintext_auth practically does what you want, because you can't
> authenticate without SSL/TLS.

Oh, great. I don't know a lot of IMAP/POP3-internals, but I was unsure
whether `disable_plaintext_auth' still allowed non-secured connections
to take place in my setup, as long as the client used some broken form
of hashing/encoding the password (like base64), which is obviously not
what I want.

Thanks for the information. I'll add it to the Wiki article
"SSL/DovecotConfiguration".

-- 
 Ed Schouten <ed at 80386.nl>
 WWW: http://80386.nl/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
Url : http://dovecot.org/pipermail/dovecot/attachments/20090106/08fd07d2/attachment-0001.bin 


More information about the dovecot mailing list