Is Dovevot authentication method using Plain-text secure?

3 posts / 0 new
Last post
#1 Fri, 04/06/2007 - 06:42
ah...lifes...good

Is Dovevot authentication method using Plain-text secure?

I noticed that Dovecot is set by default to authenticate using Plain-text. Is this really OK from a security standpoint?

When I try to include other authentication methods, e.g. Digest-MD5, Cram-MD5, APOP, Dovecot server stopped working.

What's the deal? Can we up the security barrier up a little on this?

Thanks.

Mon, 04/09/2007 - 03:37
sgrayban

Use pop3s instead of pop3 in the config. Where the 's' means ssl.

# Protocols we want to be serving:
# imap imaps pop3 pop3s
protocols = imaps pop3s

Mon, 04/09/2007 - 10:41
ah...lifes...good

Brilliant. Now why didn't I think of that! Thanks, Scott.

Topic locked