>>>>> "Serveria" == Serveria Support <supp...@serveria.com> writes:
> Yes, there is a tiny problem letting the attacker change this value back > to yes and instantly get access to users' passwords in plain text. Apart > from that - no problems at all. :) Honestly, if the attacker has penetrated you to such an extent, then you're toast anyway, because they can just attach to the dovecot process with 'gdb' and dump the data directly as well. Encryption is not a magic solution here, and there's no real way to secure the system so well that once an attacker can modify files and restart processes they are blocked. Because they honestly looks like an Admin doing work on the system. > On 2022-10-11 12:15, Benny Pedersen wrote: >> Serveria Support skrev den 2022-10-11 10:37: >>> Thanks, but I suspect you've missed a part of this discussion >> >> if you set all to no, is there any problem to solve ? >> >> i am only human, not perfect >> >>> >>> On 2022-10-11 01:25, Benny Pedersen wrote: >>>> Serveria Support skrev den 2022-10-10 23:18: >>>>> Hi Benny, >>>>> >>>>> Sorry I must have missed your email. Here's the output of doveconf >>>>> -P >>>>> | grep auth: >>>>> >>>>> doveconf: Warning: NOTE: You can get a new clean config file with: >>>>> doveconf -Pn > dovecot-new.conf >>>>> doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:25: >>>>> 'imaps' protocol is no longer necessary, remove it >>>> >>>> remove imaps in protocol as it says >>>> >>>>> auth_debug = yes >>>>> auth_debug_passwords = yes >>>>> auth_verbose = yes >>>>> auth_verbose_passwords = yes >>>> >>>> change yes to no >>>> >>>> problem solved imho :)
