[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: dovecot security

On Sun, 17 Oct 2010 11:21:28 -0400, Rob Owens wrote:

> 1)  It seems like cleartext communication is disabled by default, and
> only TLS or SSL is allowed.  I can't find this in the docs or conf file,
> though.  Can anybody confirm this is the case?

Look, at their testing sample page there is a connection to IMAP 143 
stantard port (no imaps/993):



Plaintext Authentication

> 2)  There is a certificate used for secure communication w/ the server,
> but I did not generate it myself.  Was it generated automatically for
> me?  Or is it a default cert that I should replace with my own?

Most e-mail services include their own (even auto-generated) SSL 
certificates. You can use them (your clients will receive a security 
alert about SSL certificate being invalid/not trusted which is the normal 
behaviour) or you can replace them with real ones (Verisign, Thatwe, 
etc...) validated certificates coming from a CA.

_Both_ will secure your data, but with the "auto-signed-own-generated" 
ones, you'll get a "cosmetic" error.



Reply to: