Re: Can the disable_plaintext_auth setting get overridden for a specific port?

2021-05-03 Thread Aki Tuomi 


> On 30/04/2021 20:17 Steve Dondley  wrote:
> 
>  
> In 10-auth.conf, I have "disable_plaintext_auth = yes"
> 
> For port 143, I'd like to do something like this to override that 
> setting:
> 
> service imap-login {
>inet_listener imap {
>  port = 143
>  disable_plain_text_auth = no
>}
> }
> 
> Based on https://wiki.dovecot.org/LoginProcess and 
> https://doc.dovecot.org/configuration_manual/service_configuration/ it 
> doesn't seem like this is supported. But maybe there is another way to 
> accomplish this?

If you want to allow plaintext auth from trusted proxies, use 
login_trusted_networks instead. 
https://doc.dovecot.org/settings/core/#login-trusted-networks

Aki

Re: Can the disable_plaintext_auth setting get overridden for a specific port?

2021-04-30 Thread @lbutlr 
On 30 Apr 2021, at 11:17, Steve Dondley  wrote:
> In 10-auth.conf, I have "disable_plaintext_auth = yes"
> 
> For port 143, I'd like to do something like this to override that setting:
> 
> service imap-login {
>  inet_listener imap {
>port = 143
>disable_plain_text_auth = no
>  }
> }

Are you sure you want to allow insecure plain text easily intercepted trivially 
hacked connections to your mail server? 

> Based on https://wiki.dovecot.org/LoginProcess and 
> https://doc.dovecot.org/configuration_manual/service_configuration/ it 
> doesn't seem like this is supported. But maybe there is another way to 
> accomplish this?

You are specifically turning off plaintext auth, the is going to do what it 
says on the tin.

BTW, there is no reasons to turn off plain text auth if you are using SSL as 
you should be.

-- 
The only good thing ever to come out of religion was the music.

Can the disable_plaintext_auth setting get overridden for a specific port?

2021-04-30 Thread Steve Dondley 

In 10-auth.conf, I have "disable_plaintext_auth = yes"

For port 143, I'd like to do something like this to override that 
setting:


service imap-login {
  inet_listener imap {
port = 143
disable_plain_text_auth = no
  }
}

Based on https://wiki.dovecot.org/LoginProcess and 
https://doc.dovecot.org/configuration_manual/service_configuration/ it 
doesn't seem like this is supported. But maybe there is another way to 
accomplish this?