-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Paul J Stevens schrieb: > Because those are the only ones required by the IMAP rfcs. OK - But do we only want the minimal requirements even if they are unsecure? Our problem for the migration was that we never ever thought that any mailsoftware only supports plaintext since most webmailsers automatically support md5-mechanisms and ssl/tls if available. I found many pages before to get smtp-auth working and everyone speaks from dbmail + postfix with sasl - So why in the world should i think that the imap/pop3-backend does not support this (do not understand me wrong but it is simple stoopid to enable secure passwords while sending mails and the same time send a plaintext-version over pop3/imap to the same driection) http://www.mail-archive.com/dbmail@dbmail.org/msg16065.html > CRAM-MD5 in itself would be very simple to add (esp. on the 2.3 > codebase). However, since both CRAM-MD5 and DIGEST-MD5 require storing > passwords in plain-text on the server-side that would create some > serious compatibility problems for installations where some or all user > passwords are stored as a cryptographic tokens. That can never be a showstopper! A simple and commented option to enable this manually would fix the problem On the other side to migrate from any other mailserver to dbmail is painful Anyways - Its not the real solution have to use imap-proxies and/or stunnel to provide secure login-methods Please do not missunderstand me: Because of this things i got as nearly no sleep searching and patching things that should work out of the box while our customers are standing with a loaded gun behind me :-( -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkqBKmUACgkQhmBjz394Ann1GgCaAylol8R9x6Jjl7MS1AgiOQ4r DhkAoIGhMQxsJnohXDhmKOM4NGq1vCRh =L/Ux -----END PGP SIGNATURE----- _______________________________________________ DBmail mailing list DBmail@dbmail.org http://mailman.fastxs.nl/cgi-bin/mailman/listinfo/dbmail
