Re: dovecot security
On Sun, 17 Oct 2010 11:21:28 -0400, Rob Owens wrote:
> 1) It seems like cleartext communication is disabled by default, and
> only TLS or SSL is allowed. I can't find this in the docs or conf file,
> though. Can anybody confirm this is the case?
Look, at their testing sample page there is a connection to IMAP 143
stantard port (no imaps/993):
http://wiki2.dovecot.org/TestInstallation
Also:
Plaintext Authentication
http://wiki2.dovecot.org/BasicConfiguration
> 2) There is a certificate used for secure communication w/ the server,
> but I did not generate it myself. Was it generated automatically for
> me? Or is it a default cert that I should replace with my own?
Most e-mail services include their own (even auto-generated) SSL
certificates. You can use them (your clients will receive a security
alert about SSL certificate being invalid/not trusted which is the normal
behaviour) or you can replace them with real ones (Verisign, Thatwe,
etc...) validated certificates coming from a CA.
_Both_ will secure your data, but with the "auto-signed-own-generated"
ones, you'll get a "cosmetic" error.
Greetings,
--
Camaleón
Reply to: