On Monday, 15.06.2015, 13:33 -0400, Steve Matzura wrote:
> I think I have it now! Found info about *correctly* defining
> namespaces. I now get the following when telnetting in, and it all
> looks valid.
>
> Trying 127.0.0.1...
> Connected to 127.0.0.1.
> Escape character is '^]'.
> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
> IDLE STARTTLS AUTH=PLAIN] Dovecot ready.
> a login <my-username> <my-password>
> a OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
> IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS
> THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT
> CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE
> QRESYNC
> ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE
> SPECIAL-USE] Logged in
> a logout
> * BYE Logging out
> a OK Logout completed.
> Connection closed by foreign host.
>
> If this is correct, then I'm off to add Postfix and get my mailing
> lists back online.

It looks like you don't enforce SSL/TLS.
If you don't have any clients which are many years old you should do
that.
But of course it's your own decision if you want your users' passwords
(and everything else) sent to your server in clear text over the wire

On 15.06.2015 at 20:26, Felix Zielcke wrote:
> On Monday, 15.06.2015, 13:33 -0400, Steve Matzura wrote:
>> I think I have it now! Found info about *correctly* defining
>> namespaces. I now get the following when telnetting in, and it all
>> looks valid.
>>
>> Trying 127.0.0.1...
>> Connected to 127.0.0.1.
>> Escape character is '^]'.
>> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
>> IDLE STARTTLS AUTH=PLAIN] Dovecot ready.
>> a login <my-username> <my-password>
>> a OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
>> IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS
>> THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT
>> CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE
>> QRESYNC
>> ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE
>> SPECIAL-USE] Logged in
>> a logout
>> * BYE Logging out
>> a OK Logout completed.
>> Connection closed by foreign host.
>>
>> If this is correct, then I'm off to add Postfix and get my mailing
>> lists back online.
>
> It looks like you don't enforce SSL/TLS.
> If you don't have any clients which are many years old you should do
> that.
> But of course it's your own decision if you want your users' passwords
> (and everything else) sent to your server in clear text over the wire
>

SSL is not enforced on localhost even when specifying ssl=required.

Take a look at the comment in /etc/dovecot/conf.d/10-ssl.conf:
  # SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
  # disable plain pop3 and imap, allowed are only pop3+TLS,
  # pop3s, imap+TLS and imaps
  # plain imap and pop3 are still allowed for local connections

-- 
Alex JOST

On Mon, 15 Jun 2015 20:26:28 +0200, I wrote:
>> Trying 127.0.0.1...
>> Connected to 127.0.0.1.
>> Escape character is '^]'.
>> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
>> IDLE STARTTLS AUTH=PLAIN] Dovecot ready.
>> a login <my-username> <my-password>
>> a OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
>> IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS
>> THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT
>> CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE
>> QRESYNC
>> ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE
>> SPECIAL-USE] Logged in
>> a logout
>> * BYE Logging out
>> a OK Logout completed.
>> Connection closed by foreign host.

Then Alex wrote:
>It looks like you don't enforce SSL/TLS.
>If you don't have any clients which are many years old you should do
>that.
>But of course it's your own decision if you want your users' passwords
>(and everything else) sent to your server in clear text over the wire

Not sure about the age of my clients' mail programs, but I have
ssl=required in 10-ssl.conf. Need more to lock it down?

On Mon, 15 Jun 2015 21:11:39 +0200, you wrote:
>On 15.06.2015 at 20:26, Felix Zielcke wrote:
>> On Monday, 15.06.2015, 13:33 -0400, Steve Matzura wrote:
>>> I think I have it now! Found info about *correctly* defining
>>> namespaces. I now get the following when telnetting in, and it all
>>> looks valid.
>>>
>>> Trying 127.0.0.1...
>>> Connected to 127.0.0.1.
>>> Escape character is '^]'.
>>> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
>>> IDLE STARTTLS AUTH=PLAIN] Dovecot ready.
>>> a login <my-username> <my-password>
>>> a OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
>>> IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS
>>> THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT
>>> CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE
>>> QRESYNC
>>> ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE
>>> SPECIAL-USE] Logged in
>>> a logout
>>> * BYE Logging out
>>> a OK Logout completed.
>>> Connection closed by foreign host.
>>>
>>> If this is correct, then I'm off to add Postfix and get my mailing
>>> lists back online.
>>
>> It looks like you don't enforce SSL/TLS.
>> If you don't have any clients which are many years old you should do
>> that.
>> But of course it's your own decision if you want your users' passwords
>> (and everything else) sent to your server in clear text over the wire
>>
>
>SSL is not enforced on localhost even when specifying ssl=required.
>
>Take a look at the comment in /etc/dovecot/conf.d/10-ssl.conf:
>  # SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
>  # disable plain pop3 and imap, allowed are only pop3+TLS,
>  # pop3s, imap+TLS and imaps
>  # plain imap and pop3 are still allowed for local connections

That's what I thought. I have not had the opportunity to test this
from another system yet.
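
An added example, not part of any message in this thread: a check for the pre-TLS greeting that can be run from another system, reading only the capability list and sending no credentials. It assumes the server advertises the RFC 3501 LOGINDISABLED capability when it refuses cleartext LOGIN; the second greeting is a constructed sample and the function names are the example's own.

```python
import re
import socket

# Greeting from the thread (localhost connection), joined onto one line.
LOCAL_GREETING = ("* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS "
                  "ID ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot ready.")
# Constructed sample: a greeting that refuses cleartext logins before TLS.
REMOTE_GREETING = ("* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS "
                   "ID ENABLE IDLE STARTTLS LOGINDISABLED] Dovecot ready.")

PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}  # SASL mechanisms that expose the password

def parse_capabilities(line):
    """Return the capability atoms from a greeting or a '* CAPABILITY' reply."""
    m = (re.search(r"\[CAPABILITY ([^\]]*)\]", line)
         or re.match(r"\* CAPABILITY (.*)", line))
    return {atom.upper() for atom in m.group(1).split()} if m else set()

def assess(caps):
    """List the ways a password could cross this unencrypted session."""
    if not caps:
        return ["no capabilities in greeting; send 'a CAPABILITY' and re-check"]
    findings = []
    if "STARTTLS" not in caps:
        findings.append("STARTTLS not offered")
    if "LOGINDISABLED" not in caps:
        findings.append("LOGINDISABLED absent: LOGIN is offered before TLS")
    weak = sorted(c[5:] for c in caps
                  if c.startswith("AUTH=") and c[5:] in PLAINTEXT_MECHS)
    if weak:
        findings.append("cleartext SASL mechanisms offered: " + ", ".join(weak))
    return findings

def fetch_greeting(host, port=143, timeout=5.0):
    """Read only the server greeting from the plain IMAP port."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        return s.makefile("rb").readline().decode("ascii", "replace").strip()

if __name__ == "__main__":
    samples = (("thread, localhost", LOCAL_GREETING),
               ("constructed, remote", REMOTE_GREETING))
    for name, line in samples:
        result = assess(parse_capabilities(line))
        print(name, "->", result or "cleartext login refused before TLS")
```

To test a live server, pass the output of `fetch_greeting("<server-address>")` to `parse_capabilities` from a machine other than the mail server itself, since local connections are exempt from the setting.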