Am 08.06.26 um 15:24 schrieb Aki Tuomi:
One thing to mention right off the bat is that Dovecot has not
allowed unencrypted logins by default, even if Outlook has.
This has required, even in the past, that you set
`disable_plaintext_auth = no`, which allows you to log in w/o SSL.
Hmmm, the author wrote that port 110 was left open for the sake of
clients wanting to do STARTTLS, so which kind of "w/o SSL" are we
talking here ... ?
(I admit that there's no clear demonstration - a la tcpdump or wireshark
- in any versions of the report I've seen *proving* beyond doubt that
auth+e-mails went through the wire *un*encrypted ... other than Outlook
versions apparently being affected that are said to *predate* STARTTLS.)
Kind regards,
--
Jochen Bern
Systemingenieur
Binect GmbH
_______________________________________________
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]
