dovecot - Oct 2022 - Dovecot mail-crypt webmail can't read encrypted messages

Yes, there is a tiny problem letting the attacker change this value back 
to yes and instantly get access to users' passwords in plain text. Apart 
from that - no problems at all. :)

On 2022-10-11 12:15, Benny Pedersen wrote:
> Serveria Support skrev den 2022-10-11 10:37:
>> Thanks, but I suspect you've missed a part of this discussion
> 
> if you set all to no, is there any problem to solve ?
> 
> i am only human, not perfect
> 
>> 
>> On 2022-10-11 01:25, Benny Pedersen wrote:
>>> Serveria Support skrev den 2022-10-10 23:18:
>>>> Hi Benny,
>>>> 
>>>> Sorry I must have missed your email. Here's the output of
doveconf
>>>> -P
>>>> | grep auth:
>>>> 
>>>> doveconf: Warning: NOTE: You can get a new clean config file
with:
>>>> doveconf -Pn > dovecot-new.conf
>>>> doveconf: Warning: Obsolete setting in
/etc/dovecot/dovecot.conf:25:
>>>> 'imaps' protocol is no longer necessary, remove it
>>> 
>>> remove imaps in protocol as it says
>>> 
>>>> auth_debug = yes
>>>> auth_debug_passwords = yes
>>>> auth_verbose = yes
>>>> auth_verbose_passwords = yes
>>> 
>>> change yes to no
>>> 
>>> problem solved imho :)

Serveria Support skrev den 2022-10-11 10:37:
> Thanks, but I suspect you've missed a part of this discussion
if you set all to no, is there any problem to solve ?

i am only human, not perfect
> 
> On 2022-10-11 01:25, Benny Pedersen wrote:
>> Serveria Support skrev den 2022-10-10 23:18:
>>> Hi Benny,
>>> 
>>> Sorry I must have missed your email. Here's the output of
doveconf -P
>>> | grep auth:
>>> 
>>> doveconf: Warning: NOTE: You can get a new clean config file with:
>>> doveconf -Pn > dovecot-new.conf
>>> doveconf: Warning: Obsolete setting in
/etc/dovecot/dovecot.conf:25:
>>> 'imaps' protocol is no longer necessary, remove it
>> 
>> remove imaps in protocol as it says
>> 
>>> auth_debug = yes
>>> auth_debug_passwords = yes
>>> auth_verbose = yes
>>> auth_verbose_passwords = yes
>> 
>> change yes to no
>> 
>> problem solved imho :)