Am 20.06.2019 um 12:28 schrieb FUSTE Emmanuel via dovecot:
Le 20/06/2019 à 11:59, @lbutlr via dovecot a écrit :
On 20 Jun 2019, at 02:53, FUSTE Emmanuel via dovecot
wrote:
There is plenty of context where TLS is not possible/desirable.
I’d say that is terrible advice. There are no
Jorge Bastos via dovecot skrev den 2019-06-20 11:56:
Users have access to SSL and TLS so it's fine, it's their options to
use or not.
why ssl/tls at all then ?
if useers have choices, thay use less secure one first
Emmanuel & Ibutlr,
I meant to say something-MD5, my fault,
-Original Message-
From: dovecot On Behalf Of FUSTE Emmanuel via
dovecot
Sent: Thursday, June 20, 2019 11:32
To: dovecot@dovecot.org
Subject: Re: Help on CRAM-MD5
Le 20/06/2019 à 12:25, @lbutlr via dovecot a écrit :
>
Le 20/06/2019 à 12:25, @lbutlr via dovecot a écrit :
> On 20 Jun 2019, at 04:14, Jorge Bastos via dovecot
> wrote:
>> I don't desagree with your vision, but if the use of CRAM- has to use
>> plaint text password's on the server there's a dark side, or there's a
>> CRAM-XXX that can use
Le 20/06/2019 à 11:59, @lbutlr via dovecot a écrit :
> On 20 Jun 2019, at 02:53, FUSTE Emmanuel via dovecot
> wrote:
>> There is plenty of context where TLS is not possible/desirable.
> I’d say that is terrible advice. There are no reasonable contexts where is it
> is acceptable to send mail
On 20 Jun 2019, at 04:14, Jorge Bastos via dovecot wrote:
> I don't desagree with your vision, but if the use of CRAM- has to use
> plaint text password's on the server there's a dark side, or there's a
> CRAM-XXX that can use encrypted on server side? There's always the thing
> that can
I don't desagree with your vision, but if the use of CRAM- has to use
plaint text password's on the server there's a dark side, or there's a
CRAM-XXX that can use encrypted on server side? There's always the thing
that can clients don't support it.
I think i'm not wrong with what i said,
On
On 20 Jun 2019, at 02:53, FUSTE Emmanuel via dovecot
wrote:
> There is plenty of context where TLS is not possible/desirable.
I’d say that is terrible advice. There are no reasonable contexts where is it
is acceptable to send mail credentials without encryption. My users have had to
use
Subject: Re: Help on CRAM-MD5
Hello,
The world is not black or white.
Yes CRAM-MD5 is old and his successor SCRAM-XX is not widely
available/implemented which is sad.
For your need, use TLS and forget about it.
Thunderbird is conservative. If you don't configure TLS or TLS is not
available
>
> -Original Message-
> From: dovecot On Behalf Of Aki Tuomi via dovecot
> Sent: 19 de junho de 2019 07:31
> To: Alexander Dalloz ; dovecot@dovecot.org
> Subject: Re: Help on CRAM-MD5
>
>
> On 19.6.2019 7.48, Alexander Dalloz via dovecot wrote:
>> Am 1
; dovecot@dovecot.org
Subject: Re: Help on CRAM-MD5
On 19.6.2019 7.48, Alexander Dalloz via dovecot wrote:
> Am 19.06.2019 um 00:04 schrieb Jorge Bastos via dovecot:
>> Howdy,
>>
>> I'm using dovecot and mysql users, and i'm creating the password with:
>>
>> ENCRYPT('som
On 19.6.2019 7.48, Alexander Dalloz via dovecot wrote:
> Am 19.06.2019 um 00:04 schrieb Jorge Bastos via dovecot:
>> Howdy,
>>
>> I'm using dovecot and mysql users, and i'm creating the password with:
>>
>> ENCRYPT('some-passwd',CONCAT('$6$', SUBSTRING(SHA(RAND()), -16)))
>>
>> So far so good,
Am 19.06.2019 um 00:04 schrieb Jorge Bastos via dovecot:
Howdy,
I'm using dovecot and mysql users, and i'm creating the password with:
ENCRYPT('some-passwd',CONCAT('$6$', SUBSTRING(SHA(RAND()), -16)))
So far so good, everything's fine.
Today saw that i didn't enabled CRAM-MD5, but if I do,
> On 18 Jun 2019, at 16:56, Shaun Johnson via dovecot
> wrote:
>
> On Tue, 18 Jun 2019 16:41:06 -0600
> "@lbutlr via dovecot" wrote:
>
>> What is the reason for wanting to enable CRAM-MD5? That was intended
>> to use on unsecured connections; you should not be allowing
>> authentication on
On Tue, 18 Jun 2019 16:41:06 -0600
"@lbutlr via dovecot" wrote:
> What is the reason for wanting to enable CRAM-MD5? That was intended
> to use on unsecured connections; you should not be allowing
> authentication on unsecured connections in 2019.
>
> Establish a secure submission on port 587
On 18 Jun 2019, at 16:04, Jorge Bastos via dovecot wrote:
> I'm using dovecot and mysql users, and i'm creating the password with:
>
> ENCRYPT('some-passwd',CONCAT('$6$', SUBSTRING(SHA(RAND()), -16)))
Why not just use the builtin tool in dovecot?
doveadm pw -s SHA256-CRYPT -p
16 matches
Mail list logo