Re: dovecot security

To: debian-user@lists.debian.org
Subject: Re: dovecot security
From: Camaleón <noelamac@gmail.com>
Date: Sun, 17 Oct 2010 17:56:40 +0000 (UTC)
Message-id: <[🔎] pan.2010.10.17.17.56.40@gmail.com>
References: <[🔎] 20101017152128.GA25640@aurora.owens.net>

On Sun, 17 Oct 2010 11:21:28 -0400, Rob Owens wrote:

> 1)  It seems like cleartext communication is disabled by default, and
> only TLS or SSL is allowed.  I can't find this in the docs or conf file,
> though.  Can anybody confirm this is the case?

Look, at their testing sample page there is a connection to IMAP 143 
stantard port (no imaps/993):

http://wiki2.dovecot.org/TestInstallation

Also:

Plaintext Authentication
http://wiki2.dovecot.org/BasicConfiguration

> 2)  There is a certificate used for secure communication w/ the server,
> but I did not generate it myself.  Was it generated automatically for
> me?  Or is it a default cert that I should replace with my own?

Most e-mail services include their own (even auto-generated) SSL 
certificates. You can use them (your clients will receive a security 
alert about SSL certificate being invalid/not trusted which is the normal 
behaviour) or you can replace them with real ones (Verisign, Thatwe, 
etc...) validated certificates coming from a CA.

_Both_ will secure your data, but with the "auto-signed-own-generated" 
ones, you'll get a "cosmetic" error.

Greetings,

-- 
Camaleón

Reply to:

Follow-Ups:
- Re: dovecot security
  - From: Rob Owens <rowens@ptd.net>

References:
- dovecot security
  - From: Rob Owens <rowens@ptd.net>

Prev by Date: Re: Question for users of OOo and/ or LibO
Next by Date: Re: Question for users of OOo and/ or LibO
Previous by thread: dovecot security
Next by thread: Re: dovecot security
Index(es):
- Date
- Thread