Re: Dovecot's default password storage scheme is not GDPR compliant

2025-02-13 Thread Stuart Henderson via dovecot
On 2025-02-12, Steven Varco via dovecot wrote: > Dovecot is an international software with many users living outside > of the EU and are therefore not legislated to those braindead EU > regulations. btw, (like some of the USA's tax stuff) the UK and EU GDPR legislations are extra-territorial. The

Re: Dovecot's default password storage scheme is not GDPR compliant

2025-02-12 Thread Michael Slusarz via dovecot
> > So, after my mandatory rant :D, the DEFAULT setup of dovecot should > > actually be as simple as possible. > > > I fully second that. There is no need to discuss whether dovecots > default password storage complies to GDPR or not. The administrator or > the liable person

Re: Dovecot's default password storage scheme is not GDPR compliant

2025-02-12 Thread infoomatic via dovecot
On 12.02.25 01:25, Steven Varco via dovecot wrote: So, after my mandatory rant :D, the DEFAULT setup of dovecot should actually be as simple as possible. I fully second that. There is no need to discuss whether dovecots default password storage complies to GDPR or not. The administrator or

RE: Dovecot's default password storage scheme is not GDPR compliant

2025-02-12 Thread Marc via dovecot
> > > Therefore, Dovecot's plain text default, and the md5 option, are both > non-GDPR compliant. > > > > To avoid monetary sanctions, Dovecot ought to change how it stores > passwords by default. > > > > Please do not ignore this message. > > GDPR is some piece of bull*it regulation made by th

Re: Dovecot's default password storage scheme is not GDPR compliant

2025-02-11 Thread Steven Varco via dovecot
> Therefore, Dovecot's plain text default, and the md5 option, are both > non-GDPR compliant. > > To avoid monetary sanctions, Dovecot ought to change how it stores passwords > by default. > > Please do not ignore this message. GDPR is some piece of bull*it regulation made by the EU. Dovecot

Re: Dovecot's default password storage scheme is not GDPR compliant

2025-02-10 Thread Aki Tuomi via dovecot
  On 10/02/2025 20:36 EET Kent Borg via dovecot wrote:     On 2/10/25 5:07 AM, Robert Nowotny via dovecot wrote: >> A default dovecot (el9 rpm) install is compliant as it does not work >> and does not do anything, it is just a bunch of binaries on a dis

Re: Dovecot's default password storage scheme is not GDPR compliant

2025-02-10 Thread Kent Borg via dovecot
On 2/10/25 5:07 AM, Robert Nowotny via dovecot wrote: A default dovecot (el9 rpm) install is compliant as it does not work and does not do anything, it is just a bunch of binaries on a disk. and how exactly this answer is useful ? oh my, I am feeding the troll again I see it as a useful

Re: RE: Dovecot's default password storage scheme is not GDPR compliant

2025-02-10 Thread Aki Tuomi via dovecot
SCRAM-SHA-256/512 could be one. Aki > On 10/02/2025 16:13 EET Jochen Bern via dovecot wrote: > > > On 10.02.25 14:18, Aki Tuomi wrote: > > I am not sure how we should actually implement this. Do you mean > > that we should require that you always provide a password scheme > > for credentials,

Re: RE: Dovecot's default password storage scheme is not GDPR compliant

2025-02-10 Thread Jochen Bern via dovecot
On 10.02.25 14:18, Aki Tuomi wrote: I am not sure how we should actually implement this. Do you mean that we should require that you always provide a password scheme for credentials, or require explicit {PLAIN} prefix or what? Everything costs something and has unexpected side-effects, like break

Re: Dovecot's default password storage scheme is not GDPR compliant

2025-02-10 Thread José Celestino via dovecot
> On 10 Feb 2025, at 10:23, Rupert Gallagher via dovecot > wrote: > > Dovecot aligns the password encryption scheme used by the imap client with > the password storage scheme used by the server. > > Since the default is set to plain text, the client sends the password

RE: Dovecot's default password storage scheme is not GDPR compliant

2025-02-10 Thread Aki Tuomi via dovecot
From:* Rupert Gallagher via dovecot > > *Sent:* Monday, 10 February 2025 at 13:51 CET > > *To:* aki.tu...@open-xchange.com > > *Cc:* dovecot > > *Subject:* RE: Dovecot's default password storage scheme is not GDPR > compliant > > > > I do, Aki.

RE: Dovecot's default password storage scheme is not GDPR compliant

2025-02-10 Thread Marc via dovecot
Your argument is "that a default install is not compliant" and therefore you ask people to change things. I am proving your argument is incorrect, so the basis of your change request is gone. > > A default dovecot (el9 rpm) install is compliant as it does not work > and does not do anything, i

RE: Dovecot's default password storage scheme is not GDPR compliant

2025-02-10 Thread Robert Nowotny via dovecot
13:56 CET *To:* Rupert Gallagher , aki.tu...@open-xchange.com *Cc:* dovecot *Subject:* RE: Dovecot's default password storage scheme is not GDPR compliant This is not the point, however. The point is that the default is not GDPR compliant, and a first easy alternative is als

RE: Dovecot's default password storage scheme is not GDPR compliant

2025-02-10 Thread Robert Nowotny via dovecot
: Dovecot's default password storage scheme is not GDPR compliant I do, Aki. This is not the point, however. The point is that the default is not GDPR compliant, and a first easy alternative is also not GDPR compliant, and decoupling the user scheme from the server storage scheme is not a

RE: Dovecot's default password storage scheme is not GDPR compliant

2025-02-10 Thread Marc via dovecot
> > This is not the point, however. > > The point is that the default is not GDPR compliant, and a first easy > alternative is also not GDPR compliant, and decoupling the user scheme > from the server storage scheme is not at all obvious. Adopting a GDPR- > compliant default would send out the in

Re: Dovecot's default password storage scheme is not GDPR compliant

2025-02-10 Thread Rupert Gallagher via dovecot
aligns the password encryption scheme used by the imap client with > the password storage scheme used by the server. > > > > Since the default is set to plain text, the client sends the password in > plain text (tls tunneled), and the server local storage of passwords is a >

Re: Dovecot's default password storage scheme is not GDPR compliant

2025-02-10 Thread Aki Tuomi via dovecot
> On 10/02/2025 12:23 EET Rupert Gallagher via dovecot > wrote: > > > Dovecot aligns the password encryption scheme used by the imap client with > the password storage scheme used by the server. > > Since the default is set to plain text, the client sends the p

RE: Dovecot's default password storage scheme is not GDPR compliant

2025-02-10 Thread Marc via dovecot
> > Dovecot aligns the password encryption scheme used by the imap client > with the password storage scheme used by the server. > > Since the default is set to plain text, the client sends the password in > plain text (tls tunneled), and the server local storage of passwords

Dovecot's default password storage scheme is not GDPR compliant

2025-02-10 Thread Rupert Gallagher via dovecot
Dovecot aligns the password encryption scheme used by the imap client with the password storage scheme used by the server. Since the default is set to plain text, the client sends the password in plain text (tls tunneled), and the server local storage of passwords is a plain text file. For

Re: Password storage

2024-05-06 Thread Benny Pedersen via dovecot
Rupert Gallagher via dovecot wrote on 2024-05-06 09:42: What is dovecot's state of the art on password storage? Can we use bcrypt instead of plain text? yes if argon2 is compiled in dovecot [I] net-mail/dovecot Available versions: 2.3.20-r1{tbz2} ~2.3.20-r2(0/2.3.20) ~2.3.20

Re: Password storage

2024-05-06 Thread Aki Tuomi via dovecot
On 06/05/2024 10:42 EEST Rupert Gallagher via dovecot wrote: What is dovecot's state of the art on password storage? Can we use bcrypt instead of plain text?

Password storage

2024-05-06 Thread Rupert Gallagher via dovecot
What is dovecot's state of the art on password storage? Can we use bcrypt instead of plain text?

Re: [Dovecot] CRAM-MD5 authentication but plain-md5 password storage.

2009-06-22 Thread Pascal Volk
On 06/22/2009 08:49 PM Richard wrote: > Pascal, thanks for the quick reply. I'm using postfixadmin for user > administration so I guess plaintext passwords is the current solution. > > Excuse my newbie question but I want to try and understand this. What > is the reason to have to use plaintext pa

Re: [Dovecot] CRAM-MD5 authentication but plain-md5 password storage.

2009-06-22 Thread Richard
On Mon, Jun 22, 2009 at 8:38 PM, Pascal Volk wrote: > > Either use plain text, but this is NOT recommended, or dovecotpw: >        /path/to/dovecotpw -p plaintexpassword >         > {CRAM-MD5}aba976aa6a7f048a82db01301075725bf42c6ad98f01a2747a853e0f479e25f8 > > Or w/o -p password, for the interactiv

Re: [Dovecot] CRAM-MD5 authentication but plain-md5 password storage.

2009-06-22 Thread Pascal Volk
On 06/22/2009 08:26 PM Richard wrote: > Hi all, > > Got a question on configuring dovecot, I'm still new at this so I > might be doing this all wrong. > > I want dovecot to authenticate the mail client using CRAM-MD5 so I've > setup the config in dovecot.conf: > > auth default { > > mechani

[Dovecot] CRAM-MD5 authentication but plain-md5 password storage.

2009-06-22 Thread Richard
Hi all, Got a question on configuring dovecot, I'm still new at this so I might be doing this all wrong. I want dovecot to authenticate the mail client using CRAM-MD5 so I've setup the config in dovecot.conf: auth default { mechanisms = cram-md5 passdb sql { # Path for SQL configu