On 17 Jan 2018, at 8:06, Steven M. Bellovin wrote:
> On 17 Jan 2018, at 5:51, Benny Kjær Nielsen wrote:
>> [...]
>> I back you up. Only thing to add is that one should make sure that
>> SSL is always enabled such that a password is never sent to the
>> IMAP/SMTP server in plain text. Note that most proper email servers
>> wouldn't even allow non-SSL connections.
> What authentication options that don't involve sending passwords does
> MailMate support? Is there a way to configure MM to use only one of
> these safer options if available?
I can't answer that, but I do take issue with the implied assertion that
it is inherently safer to use CRAM-MD5, DIGEST-MD5, or other
password-based mechanisms that avoid sending the password to the server in
decodable form rather than using a plaintext mechanism via an encrypted
(i.e. TLS) transport. To support those mechanisms, the server needs to
*store* a recoverable form of the password, which in most circumstances
creates a less protectable attack surface than putting a password on the
wire inside an encrypted channel to a server that only stores strong
one-way hashes.
_______________________________________________
mailmate mailing list
[email protected]
https://lists.freron.com/listinfo/mailmate
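An added illustration of the storage difference the reply describes (example code, not from the thread or from MailMate): a CRAM-MD5 verifier has to keep each user's password in recoverable form to recompute the challenge response, whereas a PLAIN-over-TLS verifier only needs a salted one-way hash. The user name, sample password, challenge string and store layout are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed server-side credential stores for one user.
# CRAM-MD5 (RFC 2195): the server must recompute HMAC-MD5(password, challenge),
# so it has to keep the password (or the equivalent HMAC pad state).
CRAM_STORE = {"alice": b"correct horse battery staple"}


def make_pbkdf2_record(password: bytes, iterations: int = 200_000) -> dict:
    """One-way record for a PLAIN-over-TLS server: random salt + PBKDF2-HMAC-SHA256."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password, salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}


PLAIN_STORE = {"alice": make_pbkdf2_record(b"correct horse battery staple")}


def cram_md5_response(user: str, password: bytes, challenge: bytes) -> str:
    """Client side of CRAM-MD5: '<user> <hex HMAC-MD5 of the challenge keyed by the password>'."""
    return f"{user} {hmac.new(password, challenge, hashlib.md5).hexdigest()}"


def cram_md5_verify(response: str, challenge: bytes) -> bool:
    """Server side of CRAM-MD5: needs the recoverable password from CRAM_STORE."""
    user, digest = response.split(" ", 1)
    password = CRAM_STORE.get(user)
    if password is None:
        return False
    expected = hmac.new(password, challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)


def plain_verify(user: str, password: bytes) -> bool:
    """Server side of PLAIN (inside TLS): compare against the stored one-way hash only."""
    rec = PLAIN_STORE.get(user)
    if rec is None:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password, rec["salt"], rec["iterations"])
    return hmac.compare_digest(digest, rec["digest"])


def cram_store_compromise_is_usable(user: str) -> bool:
    """Impact of a leaked CRAM-MD5 store: the stored value authenticates directly."""
    challenge = b"<1896.697170952@example.invalid>"  # constructed challenge
    return cram_md5_verify(cram_md5_response(user, CRAM_STORE[user], challenge), challenge)


def plain_store_compromise_is_usable(user: str) -> bool:
    """Impact of a leaked PBKDF2 record: the digest is not a password and is rejected."""
    return plain_verify(user, PLAIN_STORE[user]["digest"])
```

The last two functions make the reply's point concrete: the same database breach hands an attacker working credentials in the CRAM-MD5 case but only a salted hash to crack in the PLAIN-over-TLS case.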