Displaying 20 results from an estimated 10000 matches similar to: "pop 110/995, imap 143/993 ?"
2017 Aug 22
3
pop 110/995, imap 143/993 ?
On 22.08.2017 03:56, Peter wrote:
>>> Lest anyone think STARTTLS MITM doesn't happen,
>>>
>>> https://threatpost.com/eff-calls-out-isps-modifying-starttls-encryption-commands/109325/3/
> Right, the attack does happen, but it can be prevented by properly
> configuring the server and client.
Dovecot, by default, requires STARTTLS before accepting plaintext
2017 Aug 22
0
pop 110/995, imap 143/993 ?
On Tue, 22 Aug 2017, Aki Tuomi wrote:
> else (NOT LOCALHOST) and you can see it says LOGINDISABLED unless you
> have enabled something like cram-md5.
Hi,
exactly, this is the reason, why plain-text is still needed. You don't need
encryption for authentication, if you have secure authentication. Without
knowing original password, the MITM cannot generate correct hash for login, so
2017 Aug 21
6
pop 110/995, imap 143/993 ?
If I read this correctly, starttls will fail due to the MITM attack. That is the client knows security has been compromised. Using SSL/TLS, the MITM can use SSL stripping. Since most Postifx conf use "may" for security, the message would go though unencrypted. Correct???
Is there something to enable for perfect forward security with starttls?
? Original Message ?
From: s.arcus at
2017 Aug 21
0
pop 110/995, imap 143/993 ?
On Mon, 21 Aug 2017, Sebastian Arcus wrote:
>
> On 21/08/17 10:37, Gedalya wrote:
> > On 08/21/2017 07:28 AM, voytek at sbt.net.au wrote:
> > > is there a 'preferred way'? should I tell users to use 143 over 993 ? or
> > > 993 over 143? or?
> > There is no concrete answer. There are various opinions and feelings about
> > this.
> > The
2017 Aug 21
2
pop 110/995, imap 143/993 ?
Lest anyone think STARTTLS MITM doesn't happen,
https://threatpost.com/eff-calls-out-isps-modifying-starttls-encryption-commands/109325/3/
Not only for security, I prefer port 993/995 as it's just plain simpler
to initiate SSL from the get-go rather than to do some handshaking that
gets you to the same point.
Joseph Tam <jtam.home at gmail.com>
2017 Aug 22
0
pop 110/995, imap 143/993 ?
>> Lest anyone think STARTTLS MITM doesn't happen,
>>
>> https://threatpost.com/eff-calls-out-isps-modifying-starttls-encryption-commands/109325/3/
Right, the attack does happen, but it can be prevented by properly
configuring the server and client.
>> Not only for security, I prefer port 993/995 as it's just plain
>> simpler to initiate SSL from the get-go
2017 Aug 22
0
pop 110/995, imap 143/993 ?
Gary <lists at lazygranch.com> writes:
> If I read this correctly, starttls will fail due to the MITM attack.
> That is the client knows security has been compromised.
I'm not sure what you man by "fail". STARTTLS is prone to MITM attacks
if a client has not been configured to refuse non-STARTTLS/SSL sessions.
For clients that will allow both secured and plaintext
2017 Aug 21
0
pop 110/995, imap 143/993 ?
On 21/08/17 22:18, Joseph Tam wrote:
>
> Lest anyone think STARTTLS MITM doesn't happen,
>
> https://threatpost.com/eff-calls-out-isps-modifying-starttls-encryption-commands/109325/3/
>
> Not only for security, I prefer port 993/995 as it's just plain simpler
> to initiate SSL from the get-go rather than to do some handshaking that
> gets you to the same
2017 Aug 21
4
pop 110/995, imap 143/993 ?
On 21/08/17 10:37, Gedalya wrote:
> On 08/21/2017 07:28 AM, voytek at sbt.net.au wrote:
>> is there a 'preferred way'? should I tell users to use 143 over 993 ? or
>> 993 over 143? or?
> There is no concrete answer. There are various opinions and feelings about this.
> The opinion againt 993/995 is that these are not standard ports,
Out of curiosity, is there a
2017 Aug 21
1
pop 110/995, imap 143/993 ?
On 21/08/17 16:25, Robert Wolf wrote:
> On Mon, 21 Aug 2017, Sebastian Arcus wrote:
>
>> On 21/08/17 13:39, Robert Wolf wrote:
>>>
>>> On Mon, 21 Aug 2017, Sebastian Arcus wrote:
>>>
>>>>
>>>> On 21/08/17 10:37, Gedalya wrote:
>>>>> On 08/21/2017 07:28 AM, voytek at sbt.net.au wrote:
>>>>>> is there a
2020 May 31
3
identify 143 vs 993 clients
On 29/05/20 11:27 pm, mj wrote:
> Thanks to all who participated in the interesting discussion.
>
> It seems my initial thought might have been best after all, and
> discontinuing port 143 might be the safest way proceed.
Yes and no. Some of the attack vectors mentioned are not reasonable and
it really depends on the client. Thunderbird, for example, used to have
settings for
2020 May 29
3
identify 143 vs 993 clients
> Le 29 mai 2020 ? 11:17, Stuart Henderson <stu at spacehopper.org> a ?crit :
>
> On 2020-05-26, mj <lists at merit.unu.edu> wrote:
>> Hi,
>>
>> On 25/05/2020 23:04, Voytek wrote:
>>> jumping here with a question, if I use 143 with STARTTLS, and, force
>>> TLS/SSL in configuration, that's equivalent from security POV, isn't
2017 Aug 21
0
pop 110/995, imap 143/993 ?
On Mon, 21 Aug 2017, Sebastian Arcus wrote:
> On 21/08/17 13:39, Robert Wolf wrote:
> >
> > On Mon, 21 Aug 2017, Sebastian Arcus wrote:
> >
> > >
> > > On 21/08/17 10:37, Gedalya wrote:
> > > > On 08/21/2017 07:28 AM, voytek at sbt.net.au wrote:
> > > > > is there a 'preferred way'? should I tell users to use 143 over
2017 Aug 21
0
pop 110/995, imap 143/993 ?
On 08/21/2017 07:28 AM, voytek at sbt.net.au wrote:
> is there a 'preferred way'? should I tell users to use 143 over 993 ? or
> 993 over 143? or?
There is no concrete answer. There are various opinions and feelings about this.
The opinion againt 993/995 is that these are not standard ports, and there is no
need to allocate new ports for the secure version of each protocol since we
2014 Dec 06
1
MD5-CRYPT/CRAM-MD5 vs SHA512-CRYPT/PLAIN
Am 6. Dezember 2014 13:10:58 MEZ, schrieb Reindl Harald <h.reindl at thelounge.net>:
>
>Am 06.12.2014 um 06:56 schrieb Jan Wide?:
>> If you add disable_plaintext_auth=yes ssl=required settings, then
>> dovecot will drop authentication without STARTTLS. But damage will be
>> done, client will send unencrypted (or in this scenario MD5 or SHA512
>> hash)
2017 Aug 22
0
pop 110/995, imap 143/993 ?
On Tue, 22 Aug 2017, Ivan Warren wrote:
> Le 8/22/2017 ? 10:03 AM, Robert Wolf a ?crit?:
> >
> > WRONG!!! The email is stored plain-text on the first server and then it can
> > be
> > sent to other few MX servers over plain-text connection. I.e. encrypted
> > connection does not protect emails, but the authentication credentials.
> >
> >
> Indeed.
2007 Jan 01
1
configured mechanisms don't work
Hi,
I am new to this list and to dovecot. Forgive me if I ask long discussed
items.
I managed to install postfix and dovecot 1.0.rc15 on a Debian Sarge server out
of the backports. It works so far, I can send emails via smtp to postfix,
they are stored in the virtual mailboxes of some users, and I can get them
via IMAP from dovecot. However, in dovecot.conf I configured
mechanisms =
2017 Aug 20
4
pop 110/995, imap 143/993 ?
just setting a new Dovecot server to migrate from older system, but, I
have a general question:
1. I've set the server with self issued cert, and both pop/imap
StartTLS/110/143 SSL/993/995 (apologies if I'm using wrong naming
terminology)
is there a 'preferred way'? should I tell users to use 143 over 993 ? or
993 over 143? or?
my current understanding is that some (MS?)
2017 Aug 21
2
pop 110/995, imap 143/993 ?
On 21/08/17 13:39, Robert Wolf wrote:
>
> On Mon, 21 Aug 2017, Sebastian Arcus wrote:
>
>>
>> On 21/08/17 10:37, Gedalya wrote:
>>> On 08/21/2017 07:28 AM, voytek at sbt.net.au wrote:
>>>> is there a 'preferred way'? should I tell users to use 143 over 993 ? or
>>>> 993 over 143? or?
>>> There is no concrete answer. There
2011 May 20
1
IMAP COMPRESS not announced while using imap_zlib plugin
I'm trying to enable the IMAP COMPRESS plugin listed here:
http://wiki2.dovecot.org/Plugins/Compress
I have added zlib globally and imap_zlib to the imap protocol.
This is the output from doveconf -n with regards to mail_plugins:
--cut--
mail_plugins = zlib
protocol imap {
mail_plugins = zlib imap_zlib
}
--cut
But it seem like the feature is not announced when connecting to the
IMAP