Noel Jones wrote:
Please don't top-post. Put your answers below the text you refer to.
Lists wrote:
Will have a go at those instructions thanks.
I don't want to make things difficult for our clients. I like the
setup that allows the client to use pop details to authenticate - I
even managed to get that working ;)
What I was trying to do with TLS was to encrypt the password that
gets sent (but I'm not sure this is even necessary)
Would it be alright to leave out TLS support? / OR / if TLS support
is enabled does it have to be used or will the pop details still
authenticate?
TLS encryption is a separate feature from authentication. They can be
used individually or together. So whether you use TLS or not doesn't
really affect your authentication scheme.
While TLS isn't a requirement, it's very highly recommended because
the PLAIN and LOGIN authentication methods send the username/password
in what is essentially plain text. Using TLS will protect the
credentials (and all your mail content too!) from any eavesdroppers.
While you're at it, make sure dovecot is configured to use TLS with
POP/IMAP.
As a stopgap, you can enable the CRAM-MD5 method in the auth section
of your dovecot.conf. Just add it to the mechanisms list and restart
dovecot:
mechanisms = login plain cram-md5
The cram-md5 method is not "strong" encryption, but better than
nothing. Clients that can use it will automatically pick it over the
PLAIN or LOGIN methods. Postfix will log which method a client uses.
Note that cram-md5 only encrypts the credentials, not the whole mail
session, so it's not a replacement for TLS.
Sorry about the top post.
I haven't managed to get TLS working; the error logs say it can't find the
security certificates (which are there) so I will have to continue
trying this.
Would I need to set dovecot to use TLS with POP/IMAP if dovecot isn't
actually handling the emails (as they go through to MailEnable)?
I will add the CRAM-MD5 as suggested.
Thanks
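
An added example (not part of the original thread) illustrating the reply's point that PLAIN sends the credentials in what is essentially plain text, while CRAM-MD5 sends only a keyed digest of a server challenge. The account name, password and challenge are constructed sample values, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac

# Constructed sample values, not taken from the thread.
USER = "alice@example.com"
PASSWORD = "s3cret-pop-password"
CHALLENGE = base64.b64encode(b"<1896.697170952@mail.example.com>").decode()


def plain_on_wire(user: str, password: str) -> str:
    """SASL PLAIN argument: base64(authzid NUL authcid NUL password)."""
    raw = b"\0" + user.encode() + b"\0" + password.encode()
    return base64.b64encode(raw).decode()


def recover_from_plain(wire: str) -> tuple:
    """Base64 is an encoding, not encryption: without TLS, anyone who
    sees the AUTH PLAIN line can read the password straight back out."""
    _authzid, authcid, passwd = base64.b64decode(wire).split(b"\0", 2)
    return authcid.decode(), passwd.decode()


def cram_md5_response(user: str, password: str, challenge_b64: str) -> str:
    """CRAM-MD5 client reply: base64(user SP hex(HMAC-MD5(password, challenge)))."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()


def cram_md5_cleartext(response_b64: str) -> str:
    """What an eavesdropper sees after undoing the base64 layer."""
    return base64.b64decode(response_b64).decode()


def server_verifies(stored_password: str, challenge_b64: str, response_b64: str) -> bool:
    """Server side: recompute the digest from its own copy of the secret."""
    _user, digest = cram_md5_cleartext(response_b64).rsplit(" ", 1)
    expected = hmac.new(stored_password.encode(),
                        base64.b64decode(challenge_b64), hashlib.md5).hexdigest()
    return hmac.compare_digest(digest, expected)


if __name__ == "__main__":
    wire = plain_on_wire(USER, PASSWORD)
    print("AUTH PLAIN", wire, "->", recover_from_plain(wire))
    resp = cram_md5_response(USER, PASSWORD, CHALLENGE)
    print("CRAM-MD5 reply decodes to:", cram_md5_cleartext(resp))
    print("server accepts:", server_verifies(PASSWORD, CHALLENGE, resp))
```

Only the credentials exchange differs between the two methods; in both cases the rest of the mail session is readable unless TLS is in use.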