Am Tuesday 27 March 2007 schrieb Ken Murchison: Hi Ken,
> control both the protocol-specific plaintext login commands (IMAP, > LOGIN, POP3 USER/PASS, NNTP AUTHINFO USER/PASS), and the plaintext SASL > mechanisms (PLAIN, LOGIN). Yes, this is a good idea. > Since sending passwords in the clear sucks, and I would like to think > that most reasonable admins disable this option anyways, would anyone > have a major gripe if we change the allowplaintext option to default to > disabled in the 2.3.9 release? I think this is absolutly sane and actually what todays administrators expect. > Obviously, we will document this change > prominently in the release notes. > > https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=2922 What about adding an option to limit the plaintext login commands to IPs/IP-Range? For all useful purposes I can imagine this would be really helpful. Regards, -- martin konold -- e r f r a k o n Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker Sitz: Stuttgart - Partnerschaftsregister Stuttgart PR 126 http://www.erfrakon.com/
