On 2020-02-22 02:57:09 (+0800), Michael Peddemors via mailop wrote:
Consider how you would safely block the bad guys, yet let the good
guys still use the service. Which brings me to my favorite topic, 2FA
for IMAP/SMTP Auth, as many of you know.. (we talk about CLIENTID
often enough).
Isn't
On Sun, 2020-02-23 at 07:40 -0800, Roger Marquis via mailop wrote:
> Perhaps more interesting is the fact that the vast majority of ESPs don't
> even think about obfuscating _usernames_. Are there good reasons to use a
> well known string like the email address for half of a credential? While not
Alessandro Vesely wrote:
Even without 2FA, a password different from "12345" is probably desperately
hard to guess. An activity suited for bots running at someone else's
expenses.
Enabling Dovecot auth_verbose and mail_debug will show credential failures
and in most cases you're right, they ar
