Honestly, I think that's too much work for almost no gain. Bots can do password guessing just as easily via IMAP or SMTP AUTH so there is little reason to think that trying to block POP3 access to them will do any extra good at all.

If you want to put rate limiting in place then that's all good but you'd best do it with all your entry points, not just POP3, and there's no practical reason to actually prevent a user from using POP3 if that's what they want (it limits features they have access to, nothing more).


Peter


On 2/03/22 1:23 pm, Sebastian Nielsen wrote:
However, you SHOULD IMHO lock the access so it has to be manually opened for 
each user that wants it. Another way is to do a PTR lookup on IP and [DROP] the 
packet if it's not a Google IP.

And then have an IP restriction on IMAP and also 587/SMTP Auth.
This is because there are bots out there that guess passwords and then send spam.

By locking access for POP3 by Google IP, you ensure it can only be used with 
the fetch feature of Gmail (which does have account-wise rate-limits to prevent 
password hacking).
In this way, you increase security. Of course it must be combined with IP 
restrictions and firewalling for IMAP and Auth on 587 as well.

-----Original Message-----
From: dovecot-boun...@dovecot.org <dovecot-boun...@dovecot.org> On Behalf Of Harlan Stenn
Sent: 2 March 2022 01:15
To: Peter <pe...@pajamian.dhs.org>; dovecot@dovecot.org
Subject: Re: Does disabling POP3 just mean removing it from the protocols list?

The reason to support POP3 is that if you forward email to another account and 
that includes any spam, you are gonna get dinged.  If folks want to read their 
email from Gmail, they really need to suck that email over via POP to avoid 
this problem.

H

On 3/1/2022 3:13 PM, Peter wrote:
The only modern reason I can think of to continue to support POP3 is
that Gmail's email fetch feature only works over POP3, so if you want
people to be able to import their email from your server to Gmail or
Google Workspace then you should probably continue to support POP3.


Peter


On 2/03/22 10:54 am, Sean McBride wrote:
Hi all,

Hopefully a simple question. If I want to disable POP3 support
(because everyone is using IMAP anyway), it is just a matter of
removing |pop3| from the |protocols| setting in dovecot.conf?

Are there side effects or other considerations I should be aware of?

Thanks,

Sean
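
Added example, not part of the thread or of Dovecot: a per-IP count of failed logins across POP3, IMAP and SMTP AUTH, showing why a POP3-only view misses a guesser that spreads attempts over all three, as argued in the top reply. The log lines are constructed, and their format (Dovecot login processes, Postfix smtpd SASL warnings) is an assumption to adapt to your own logs.

```python
import re
from collections import defaultdict

# Constructed sample lines (not from the thread). The formats are assumed to
# resemble Dovecot login-process and Postfix smtpd syslog output.
SAMPLE_LOG = """\
Mar  2 01:10:01 mx dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<alice>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, session=<a1>
Mar  2 01:10:05 mx dovecot: imap-login: Disconnected (auth failed, 2 attempts in 4 secs): user=<alice>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, TLS, session=<a2>
Mar  2 01:10:09 mx postfix/smtpd[2211]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Mar  2 01:10:12 mx dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<bob>, method=PLAIN, rip=198.51.100.4, lip=192.0.2.10, session=<b1>
Mar  2 01:11:00 mx dovecot: imap-login: Login: user=<carol>, method=PLAIN, rip=198.51.100.9, lip=192.0.2.10, mpid=4242, TLS, session=<c1>
"""

DOVECOT_FAIL = re.compile(
    r"dovecot: (?P<proto>pop3|imap)-login: .*\(auth failed, (?P<n>\d+) attempts"
    r".*?\brip=(?P<ip>[0-9a-fA-F.:]+)")
POSTFIX_FAIL = re.compile(
    r"postfix/\w+\[\d+\]: warning: \S*\[(?P<ip>[0-9a-fA-F.:]+)\]: "
    r"SASL \S+ authentication failed")

def failures_by_ip(log_text):
    """Return {ip: {protocol: failed_attempts}} for POP3, IMAP and SMTP AUTH."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = DOVECOT_FAIL.search(line)
        if m:
            counts[m["ip"]][m["proto"]] += int(m["n"])
            continue
        m = POSTFIX_FAIL.search(line)
        if m:
            counts[m["ip"]]["smtp-auth"] += 1
    return {ip: dict(protos) for ip, protos in counts.items()}

def over_threshold(counts, limit, protocols=None):
    """IPs whose failures, summed over `protocols` (None = all), reach `limit`."""
    hits = []
    for ip, protos in counts.items():
        total = sum(n for p, n in protos.items()
                    if protocols is None or p in protocols)
        if total >= limit:
            hits.append(ip)
    return sorted(hits)

if __name__ == "__main__":
    counts = failures_by_ip(SAMPLE_LOG)
    print("all entry points:", over_threshold(counts, 3))
    print("POP3 only:       ", over_threshold(counts, 3, {"pop3"}))
```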


