On Wednesday, April 23, 2014 10:50:37 AM CEST, Dan Pollock wrote:
On Apr 23, 2014, at 1:38 AM, Benjamin Podszun wrote:
On Tuesday, April 22, 2014 3:31:47 PM CEST, Urban Loesch wrote:
...
I would like to move everyone onto more modern mail programs,
but at the moment I have a couple of them that are stuck using
very old software installed for them on work computers. The rest
of my clients can connect on ports 993 and 995 without it being
a problem.
What's wrong with starttls? How are the ports relevant?
Do you happen to know what the problem is? Total lack of TLS support (I ..
cannot quite believe that) or is it a problem with key sizes/ciphers or
whatever, i.e. with your configuration vs. the legacy apps?
It's far from a perfect setup.
This is quite easy to set up on Courier-imap, but for a number
of reasons I would much rather be using Dovecot. (In
courier-imap, you can configure different password databases
independently for each of pop3, imap, pop3-ssl and imap-ssl.)
Which is really not that helpful, I think. Joe random system user can still
set up his mailclient to point to mail.yourdomain.tld and try to login
unencrypted. You'll only deny him afterwards (even with a different
password DB), after the password was transmitted over unencrypted wifi in
his local StarBucks™ or equivalent. Or what am I missing here? All system
users are too clever for that? In that case they can already use the ports
listed above (or set their mail client to require starttls on 143/110). If
they're not that security conscious, what protects them from the scenario
above?
Given that Dovecot features seem to be a superset of those from
Courier-imap so far, I was hoping this configuration option
would exist there as well.
See above: What would you gain? Would that actually help you?
In the end it's your setup and I don't want to come across and say "You're
doing it wrong" here, but so far it's hard to see what you're trying to
achieve with that .. feature?
Regards,
Ben