On 2021-07-15, Sebastian wrote:
> Best solution is to offer a webmail with TOTP or SQRL or similiar secure =
> auth method.
>
> Then have that webmail adds IP or country into trusted list, so if you =
> want to access IMAP mail or SMTP mail from hotel wifi, you have to =
> simply do one single log
PN server,
>and thus im able to lock out all logins outside from VPN.
>
>-Ursprungligt meddelande-
>Från: dovecot-boun...@dovecot.org För
>@lbutlr
>Skickat: den 15 juli 2021 18:37
>Till: dovecot mailing list
>Ämne: Re: 2FA/MFA with IMAP & postfix/submission
>
> Perhaps there are dovecot (and postfix submission) options to at least
> restrict access by IP?
Restricting by IP is soon going to become very tedious, especially if you are
dealing with more than a small number of users, and especially once post-COVID
travel comes back and people start con
> Client certs appears to be a good solution.
>
> What's the process for managing them with more than a hundred client accounts?
If you've got the budget ... MDM.
If you don't, you can probably hack together some sort of self-service system.
>
> I believe the problem they are trying to solve is
Quoting Benny Pedersen :
On 2021-07-15 16:49, Alex wrote:
What about something like what we used to do with pop-b4-smtp to at
least restrict by IP address?
no, pop was not handle million of users share one single nat ip,
weekforce cant handle that either, so allow_net cant do any better
iling list
Ämne: Re: 2FA/MFA with IMAP & postfix/submission
On 2021 Jul 15, at 08:52, Alex wrote:
> Client certs appears to be a good solution.
A solution, certainly. A GOOD solution? Not really.
> What's the process for managing them with more than a hundred client accounts?
On 2021-07-15 16:49, Alex wrote:
What about something like what we used to do with pop-b4-smtp to at
least restrict by IP address?
no, pop was not handle million of users share one single nat ip,
weekforce cant handle that either, so allow_net cant do any better there
all i think is possibl
On 2021 Jul 15, at 08:52, Alex wrote:
> Client certs appears to be a good solution.
A solution, certainly. A GOOD solution? Not really.
> What's the process for managing them with more than a hundred client accounts?
And that's the first issue.
The second issue is "my primary device is not ava
Problem is that not many client support it - especially mobile ones.So
wireguard VPN is the way to go, much simpler for the users.
Originalmeddelande Från: Rick Romero
Datum: 2021-07-15 17:04 (GMT+01:00) Till: dovecot@dovecot.org Ämne: Re: Sv:
2FA/MFA with IMAP & pos
On 2021-07-15 8:07 a.m., Laura Smith wrote:
Perhaps there are dovecot (and postfix submission) options to at least restrict
access by IP?
Restricting by IP is soon going to become very tedious, especially if you are
dealing with more than a small number of users, and especially once post-CO
On 2021-07-15 7:54 a.m., Laura Smith wrote:
Are there multi-factor options available?
Mandating good old-fashioned client-certificates is most likely your best bet
in terms of delivering the best user-experience.
Or, you can use the CLIENT_ID SMTP extension for dovecot/postfix.. For
the
Quoting Alex :
Hi,
Unfortunately the best way to do multifactor authentication today
is to use OAUTH2, which isn't currently supported for own
installations. Or you can use client certs.
If you want to use some kind of MFA with tokens, you end up having
to feed your token all the time.
> Are there multi-factor options available?
Mandating good old-fashioned client-certificates is most likely your best bet
in terms of delivering the best user-experience.
Hi,
> Unfortunately the best way to do multifactor authentication today is to use
> OAUTH2, which isn't currently supported for own installations. Or you can use
> client certs.
>
> If you want to use some kind of MFA with tokens, you end up having to feed
> your token all the time. So the best
Hi,
> > Unfortunately the best way to do multifactor authentication today is
> > to use OAUTH2, which isn't currently supported for own installations.
> > Or you can use client certs.
> >
> > If you want to use some kind of MFA with tokens, you end up having to
> > feed your token all the time. So
On 2021-07-15 07:26, Aki Tuomi wrote:
Unfortunately the best way to do multifactor authentication today is
to use OAUTH2, which isn't currently supported for own installations.
Or you can use client certs.
If you want to use some kind of MFA with tokens, you end up having to
feed your token all
f it stops working, is to login once via the web client.
>
> -Ursprungligt meddelande-
> Från: dovecot-boun...@dovecot.org För Alex
> Skickat: den 15 juli 2021 02:10
> Till: dovecot@dovecot.org
> Ämne: 2FA/MFA with IMAP & postfix/submission
>
> Hi, I have a dov
ogin as invalid if so not.
The only thing a client needs to do to get his IMAP or SMTP client to work
again if it stops working, is to login once via the web client.
-Ursprungligt meddelande-
Från: dovecot-boun...@dovecot.org För Alex
Skickat: den 15 juli 2021 02:10
Till: dovecot@dovecot.or
On 7/14/21 8:08 PM, Alex wrote:
Hi, I have a dovecot-2.3.13 system on fedora34 with a few hundred
IMAP4 accounts, as well as postfix users using submission. Clients are
using primarily Outlook on Windows and old squirrelmail.
Are there multi-factor options available?
google roundcube + 2FA
nu
Hi, I have a dovecot-2.3.13 system on fedora34 with a few hundred
IMAP4 accounts, as well as postfix users using submission. Clients are
using primarily Outlook on Windows and old squirrelmail.
Are there multi-factor options available?
If it is not available, do you have any recommendations on wh
20 matches
Mail list logo
