Sorry about that, its just outlook that does that by default. But manually
deleted your adress now in reply.
I don't know what you mean with "top posting"?
What I mean is that if you have another security on the connection (be it
physical security - the connection doesn't go over public means, or VPN -
connection level encryption) then you don't need another encryption on top
of that.
Of course you must judge other risks in the physical enviroment - if a hacker
connects his laptop to a guest wifi or reception RJ45 port and ARP spoofs -
whats gonna happen? So you must of course segment and separate those networks
from your internal LAN (so a hacker is now gonna need a access badge to even get
a foot into the internal LAN), and also activate static ARP in your switches so
even if a hacker ARP spoofs (from an infected client inside internal LAN),
nothing gonna come out of the pipe.
-----Ursprungligt meddelande-----
Fr?n: dovecot-bounces at dovecot.org <dovecot-bounces at dovecot.org> F?r
Alexander Dalloz
Skickat: den 7 juli 2020 18:30
Till: dovecot at dovecot.org
?mne: Re: SV: Outlook vs Thunderbird
Am 07.07.2020 um 18:11 schrieb Sebastian Nielsen:> Plaintext access is no problem if the connection is secured via other means
- for example internal network or VPN.
> If the IMAP server cannot be accessed from the outside, and the traffic
don't travel over wifi or public networks, no danger.
First of all, please keep answers on the mailing list only. Obviously I am
subscribe and I don't need to get your reply twice, by list distribution and
in addition to my personal address.
And top-posting is another thing you should avoid.
To your answer: I disagree and see that you have a false understanding of
security. You want service protocol encryption (here for IMAP or
POP3) from end to end. Nothing which breaks up encryption in between.
That's valid for any size of environment. You may judge the risk is
tolerable in case you run you own small setup where you are the only user. But I
replied to Mark's note where he wrote about ~100 clients. So he either
running an IMAP service for clients - where it is inresponsible to not teach
them about security and instead lower the protection to none - or administering
a company network for which end to end service encryption is a must too.
Alexander
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5249 bytes
Desc: S/MIME Cryptographic Signature
URL:
<https://dovecot.org/pipermail/dovecot/attachments/20200707/132559b5/attachment-0001.p7s>