This website is deprecated, and remains online only for historic access to old issues and docs for historic versions of Virtualmin. It has been unmaintained for several years, and should not be relied on for up-to-date information. Please visit www.virtualmin.com instead.

Is Dovevot authentication method using Plain-text secure?

3 posts / 0 new

Topic locked

Last post

#1 Fri, 04/06/2007 - 06:42

ah...lifes...good

Is Dovevot authentication method using Plain-text secure?

I noticed that Dovecot is set by default to authenticate using Plain-text. Is this really OK from a security standpoint?

When I try to include other authentication methods, e.g. Digest-MD5, Cram-MD5, APOP, Dovecot server stopped working.

What's the deal? Can we up the security barrier up a little on this?

Thanks.

#2 Mon, 04/09/2007 - 03:37

sgrayban

Use pop3s instead of pop3 in the config. Where the 's' means ssl.

# Protocols we want to be serving:
# imap imaps pop3 pop3s
protocols = imaps pop3s

#3 Mon, 04/09/2007 - 10:41

ah...lifes...good

Brilliant. Now why didn't I think of that! Thanks, Scott.

Topic locked