On 2021-07-15, Sebastian wrote:
> Best solution is to offer a webmail with TOTP or SQRL or similar secure
> auth method.
>
> Then have that webmail adds IP or country into trusted list, so if you
> want to access IMAP mail or SMTP mail from hotel wifi, you have to
> simply do one single
I think it's only 12 steps. There are people who need to sober up
On July 15, 2021 8:54:16 AM AKDT, Sebastian wrote:
>The thing is, that people must stop expecting "being able to access
>mail whenever you are" without extra steps.
>
>Best solution is to offer a webmail with TOTP or SQRL or
> Perhaps there are dovecot (and postfix submission) options to at least
> restrict access by IP?
Restricting by IP is soon going to become very tedious, especially if you are
dealing with more than a small number of users, and especially once post-COVID
travel comes back and people start
> Client certs appears to be a good solution.
>
> What's the process for managing them with more than a hundred client accounts?
If you've got the budget ... MDM.
If you don't, you can probably hack together some sort of self-service system.
>
> I believe the problem they are trying to solve
Quoting Benny Pedersen :
On 2021-07-15 16:49, Alex wrote:
What about something like what we used to do with pop-b4-smtp to at
least restrict by IP address?
no, pop was not handle million of users share one single nat ip,
weekforce can't handle that either, so allow_net can't do any better
The thing is, that people must stop expecting "being able to access mail
whenever you are" without extra steps.
Best solution is to offer a webmail with TOTP or SQRL or similar secure auth
method.
Then have that webmail adds IP or country into trusted list, so if you want to
access IMAP mail
On 2021-07-15 16:49, Alex wrote:
What about something like what we used to do with pop-b4-smtp to at
least restrict by IP address?
no, pop was not handle million of users share one single nat ip,
weekforce can't handle that either, so allow_net can't do any better there
all i think is
Problem is that not many clients support it - especially mobile ones. So
wireguard VPN is the way to go, much simpler for the users.
Original message From: Rick Romero
Date: 2021-07-15 17:04 (GMT+01:00) To: dovecot@dovecot.org Subject: Re: Sv:
2FA/MFA with IMAP & pos
On 2021-07-15 8:07 a.m., Laura Smith wrote:
Perhaps there are dovecot (and postfix submission) options to at least restrict
access by IP?
Restricting by IP is soon going to become very tedious, especially if you are
dealing with more than a small number of users, and especially once
Quoting Alex :
Hi,
Unfortunately the best way to do multifactor authentication today
is to use OAUTH2, which isn't currently supported for own
installations. Or you can use client certs.
If you want to use some kind of MFA with tokens, you end up having
to feed your token all the
Hi,
> Unfortunately the best way to do multifactor authentication today is to use
> OAUTH2, which isn't currently supported for own installations. Or you can use
> client certs.
>
> If you want to use some kind of MFA with tokens, you end up having to feed
> your token all the time. So the
Hi,
> > Unfortunately the best way to do multifactor authentication today is
> > to use OAUTH2, which isn't currently supported for own installations.
> > Or you can use client certs.
> >
> > If you want to use some kind of MFA with tokens, you end up having to
> > feed your token all the time.
On 2021-07-15 07:26, Aki Tuomi wrote:
Unfortunately the best way to do multifactor authentication today is
to use OAUTH2, which isn't currently supported for own installations.
Or you can use client certs.
If you want to use some kind of MFA with tokens, you end up having to
feed your token all
Unfortunately the best way to do multifactor authentication today is to use
OAUTH2, which isn't currently supported for own installations. Or you can use
client certs.
If you want to use some kind of MFA with tokens, you end up having to feed your
token all the time. So the best option, for
Main problem is that not many clients do natively support multifactor.
Some clients do pop up a login dialog if the server rejects the password as
invalid, which can be used to create a "cheaty variant" of multifactor, but
some clients just pop up an error dialog and tell the user to just correct