On Mon, 15 Jun 2015 20:26:28 +0200, I wrote: >> Trying 127.0.0.1... >> Connected to 127.0.0.1. >> Escape character is '^]'. >> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE >> IDLE STARTTLS AUTH=PLAIN] Dovecot ready. >> a login <my-username> <my-password> >> a OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE >> IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS >> THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT >> CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE >> QRESYNC >> ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE >> SPECIAL-USE] Logged in >> a logout >> * BYE Logging out >> a OK Logout completed. >> Connection closed by foreign host.
Then Alex wrote: >It looks like you don't enforce SSL/TLS. >If you don't have any clients which are many years old you should do >that. >But of course it'S your own decision if you want your users passwords >(and everything else) sent to your server in clear text over the wire Not sure about the age of my clients' mail programs, but I have ssl=required in 10-ssl.conf. Need more to lock it down?
