On Sun, 31 May 2020, Jean-Daniel wrote:
So yes the safest way to go is to just use port 993, but as long as
the client is not set to a "TLS if available" option then port 143 is
also safe.
I don?t think you can call an option safe if it relies on the users to
properly configure their client.
On 31/05/20 6:50 pm, Jean-Daniel wrote:
Yes and no. Some of the attack vectors mentioned are not reasonable and it really depends on the
client. Thunderbird, for example, used to have settings for plain text, TLS and "TLS if
available", but the latter setting has not been available for some
> Le 31 mai 2020 à 06:09, Peter a écrit :
>
> On 29/05/20 11:27 pm, mj wrote:
>> Thanks to all who participated in the interesting discussion.
>> It seems my initial thought might have been best after all, and
>> discontinuing port 143 might be the safest way proceed.
>
> Yes and no. Some
On 29/05/20 11:27 pm, mj wrote:
Thanks to all who participated in the interesting discussion.
It seems my initial thought might have been best after all, and
discontinuing port 143 might be the safest way proceed.
Yes and no. Some of the attack vectors mentioned are not reasonable and
it
On 25 May 2020, at 12:48, mj wrote:
> I would then ask them to move over to 993, and finally disable port 143
> altogether.
From personal experience the only way to do this is to stop listening to port
143. I dropped support for non-encrypted mail ports ages ago, and I didn't get
a single
Thanks to all who participated in the interesting discussion.
It seems my initial thought might have been best after all, and
discontinuing port 143 might be the safest way proceed.
Thanks again, valuable insights!
MJ
On 5/29/20 11:48 AM, Jean-Daniel wrote:
Le 29 mai 2020 à 11:17, Stuart
> Le 29 mai 2020 à 11:17, Stuart Henderson a écrit :
>
> On 2020-05-26, mj wrote:
>> Hi,
>>
>> On 25/05/2020 23:04, Voytek wrote:
>>> jumping here with a question, if I use 143 with STARTTLS, and, force
>>> TLS/SSL in configuration, that's equivalent from security POV, isn't
>>> it? and,
On 2020-05-26, mj wrote:
> Hi,
>
> On 25/05/2020 23:04, Voytek wrote:
>> jumping here with a question, if I use 143 with STARTTLS, and, force
>> TLS/SSL in configuration, that's equivalent from security POV, isn't
>> it? and, same for 110 STARTTLS? Or am I missing something?
> Interesting point,
On Tue, 26 May 2020, mj wrote:
On 25/05/2020 23:04, Voytek wrote:
jumping here with a question, if I use 143 with STARTTLS, and, force
TLS/SSL in configuration, that's equivalent from security POV, isn't
it? and, same for 110 STARTTLS? Or am I missing something?
There's an important clause
Hi Markus,
Thank you very much.
MJ
On 26/05/2020 10:25, Markus Winkler wrote:
Hi,
On 26.05.20 09:21, mj wrote:
One doubt I had: "disable_plaintext_auth = yes" sounds as if only the
authentication part is secured, and the rest is kept plain text,
whereas with 993/SSL, *everything* would be
Hi,
On 26.05.20 09:21, mj wrote:
One doubt I had: "disable_plaintext_auth = yes" sounds as if only the
authentication part is secured, and the rest is kept plain text, whereas
with 993/SSL, *everything* would be encrypted?
Or am I missing something? (then perhaps someone can point it out?)
Hi,
On 25/05/2020 23:04, Voytek wrote:
jumping here with a question, if I use 143 with STARTTLS, and, force
TLS/SSL in configuration, that's equivalent from security POV, isn't
it? and, same for 110 STARTTLS? Or am I missing something?
Interesting point, after some googling, I think you are
On 26 May 2020 4:48:51 AM AEST, mj wrote:
>I would then ask them to move over to 993, and finally disable port 143
>altogether.
>
jumping here with a question, if I use 143 with STARTTLS, and, force TLS/SSL in
configuration, that's equivalent from security POV, isn't it? and, same for 110
On 25/05/2020 20:52, Aki Tuomi wrote:
You could use
https://doc.dovecot.org/settings/core/#login-log-format-elements
to log this.
Yes! Perfect!
Thanks! :-)
> On 25/05/2020 21:48 mj wrote:
>
>
> Hi,
>
> I am trying to find a nice way to identify dovecot clients that are
> still configured to use port 143 to connect to our mailserver, from the
> dovecot logs.
> I would then ask them to move over to 993, and finally disable port 143
>
15 matches
Mail list logo
