Hi all,
I'd like your opinions to add to my own opinion.
Bottom line question: If I trust everybody with physical access to my
Daily Driver Desktop (DDD) computer, my Dovecot IMAP runs on my DDD, I
access my Dovecot IMAP *exclusively* from my DDD, and I trust everybody
with physical access to my DDD (that would be my wife), then if I serve
out IMAP on localhost (127.0.0.1), am I being unduly risky using plain
text auth (port 143)?
Details:
I use a Dovecot IMAP server, on my DDD,
specifically to hold all my email messages. Therefore, I can use any
IMAP aware email client, interchangeably, to view every email I've
received since April 2001. People whose emails are held by their email
clients are "locked in" to their email client unless they convert their
email data. I can switch between Evolution and Claws-Mail, because one
of the two is always doing something stupid. Bottom line: I use Dovecot
IMAP exclusively to hold my emails and folders. Graphical description
below:
ISP ---> My --------> procmail --> Dovecot
IMAP fetchmail Maildir
|
|
V
email <--- Dovecot
client IMAP server
For the time being, I don't need to access my Dovecot IMAP from any
computer except my DDD, and therefore, I can serve Dovecot IMAP on
127.0.0.1.
So here's my question. Assuming (and I know this is a big assumption)
I'm not worried about somebody gaining physical possession of my DDD,
is there any reason not to use plain text to access this server?
Thanks,
SteveT
Steve Litt
http://444domains.com
_______________________________________________
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]
