[Imap-protocol] Re: [yam] draft-daboo-srv-email: POP3S/IMAPS?
arnt at gulbrandsen.priv.no
Mon Jan 18 05:26:36 PST 2010
Timo Sirainen writes:
> Such setting doesn't help.
Such a setting is cecessary, not sufficient.
> Dovecot has had one since the beginning and people still configure it
> to give only imaps/pop3s access. I think there are two big reasons
> for this:
> 1) Clients are stupid and issue plaintext LOGIN command even if
> LOGINDISABLED is advertised. So with such clients it's easy to
> accidentally expose username and password.
> 2) It's easier to enforce "SSL-only" traffic in firewall rules based
> on ports. For example they'll keep both imap and imaps enabled, but
> only imaps is allowed outside intranet.
Yeah. But I can't remember talking to anyone who really cared about
allowing cleartext imap inside the firewall.
> (And yeah, then there's probably the biggest reason that people just
> don't understand that imap/pop3 port supports SSL/TLS.)
Which I think would change if servers generally would support
encrypted-only = true
As it is, people aren't used to looking for such a setting, and if they
call their clueful pal to ask how blah, he'll say "enable imaps", not
More information about the Imap-protocol