On 7/23/2007, Frank Behrens ([EMAIL PROTECTED]) wrote:
I want to discuss some problems/enhancements for dovecot in a
webmail/otp setup.
For access to an IMAP server like dovecot I see different client
types:
a) a "normal" MUA installed in a more or less trusted environment
b) remote access via "webmail" from untrusted environments
What about:
c) a "normal" MUA accessing via the internet from untrusted environments
This is the recommended way all of our users access their email -
webmail is just for the occasional access from a friends or other
computer that they don't use regularly.
For a) I see with dovecot and other IMAP servers no problems, tricky
is the setup for b).
Webmail is very easy to do...
If you use a webmail client in an untrusted environment the risk is
high, that keyloggers and other malware steal your password.
Eh? Thats what SSL/TLS is for... I agree that providing access - either
via webmail or any other MUA - on an unsecured connection from an
untrusted source is very hazardous - but setting up SSL is fairly simple
too, and I even force SSL/TLS on all of my connections even inside our
trusted network (no reason not to - the extra overhead is very small).
Sorry, but I don't understand the problem you are trying to solve...
--
Best regards,
Charles