Please don't top-post. Put your answers below the text you
refer to.
Lists wrote:
Will have a go at those instructions thanks.
I don't want to make things difficult for our clients. I like the setup
that allows the client to use pop details to authenticate - I even
managed to get that working ;)
What I was trying to do with TLS was to encrypt the password that gets
sent (but i'm not sure this is even necessary)
Would it be alright to leave out TLS support? / OR / if TLS support is
enabled does it have to be used or will the pop details still authenticate?
TLS encryption is a separate feature from authentication.
They can be used individually or together. So wether you use
TLS or not doesn't really affect your authentication scheme.
While TLS isn't a requirement, it's very highly recommended
because the PLAIN and LOGIN authentication methods send the
username/password in what is essentially plain text. Using
TLS will protect the credentials (and all your mail content
too!) from any eavesdroppers. While you're at it, make sure
dovecot is configured to use TLS with POP/IMAP.
As a stopgap, you can enable the CRAM-MD5 method in the auth
section of your dovecot.conf. Just add it to the mechanisms
list and restart dovecot:
mechanisms = login plain cram-md5
The cram-md5 method is not "strong" encryption, but better
than nothing. Clients that can use it will automatically pick
it over the PLAIN or LOGIN methods. Postfix will log which
method a client uses. Note that cram-md5 only encrypts the
credentials, not the whole mail session, so it's not a
replacement for TLS.
--
Noel Jones
