On Wednesday, April 23, 2014 10:57:23 AM CEST, Urban Loesch wrote:
Am 23.04.2014 10:38, schrieb Benjamin Podszun:
On Tuesday, April 22, 2014 3:31:47 PM CEST, Urban Loesch wrote:
...
Yes that is correct and I knew that when I configured the
setup. But I can't manipulate the clients.
If that is correct every user might send their credentials over
unsecured connections?
Yes, that is a disadvantage. As I just said, I can't change that.
In my opinion this doesn't help. Clients cannot know in advance that
they shouldn't try to login.
I guess I'd either
- drop the requirement (best option, hit the users that don't support
TLS or offer them help to upgrade/fix their setup)
Can you help me to upgrade/fix 40k users, which have no idea
how to change the settings of a mail client? Send me your
phonenumber and I will redirect all requests of that to you :-)
You will see very quickly that it's not practicable to force
all users to use SSL at the same time. With this setup I can
bring users step by step to use SSL.
I haven't defined an hourly rate so far, but I could think about something
here.. ;-)
Really, my 'you' in most of the reply was about Dan's requirement/targeting
the thread: He has system users, probably with shell access(?) and wants to
protect those 'more' than virtual users, as far as I understood. I claim
that his requirement is hard to implement/next to impossible.
You on the other hand .. have other issues. ;)
Takeaway from my response to you, Urban, should've been: "I don't think
your workaround helps with the original author's requirement", not "Fix
your own setup!".
Ben
