Am 06.12.2014 um 06:56 schrieb Jan Wideł:
If you add disable_plaintext_auth=yes ssl=required settings, then dovecot will drop authentication without STARTTLS. But damage will be done, client will send unencrypted (or in this scenario MD5 or SHA512 hash) login/password
no, damage will *not* be doneSTARTTLS happens in context of connect and *log before* any authentication is tried the handshake between client/server fails
signature.asc
Description: OpenPGP digital signature
