Hashed passwords as part of IMAP and SMTP are legacy from when servers considered SSL / TLS too resource intensive to encrypt the entire connection.
"plain password" means that the password is sent in plaintext over the existing connection. So if your connection is encrypted with SSL / TLS, you don't need to send hashed passwords. And your connection should be encrypted so that you don't reveal the mail contents. It has been a very long time since I set up postfix/dovecot. Dovecot was pretty easy. I just used the comments in the config. Postfix was more complex, but the project documentation was sufficient. Cheers, Richard On Saturday, May 10, 2014 16:27:56 Brian J. Rogers wrote: > I know this isn't exactly "linux" but I'm still hoping someone here might > know. > > When it comes to postfix/dovecot, how secure is plain password? I assume > from the name it means that it is just a plaintext password sent over the > wire. Is that really what it is? > > Does anyone know if a good tutorial that I can follow to setup a mail > server with postfix and dovecot that will cover SSL/TLS with encrypted > passwords? > > I need to setup a mail server but I'd like for it to relatively secure. > > Thanks. /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
