Re: Postfix setup




On 03/11/2013 05:27 AM, Eero Volotinen wrote:
> 2013/3/11 Robert Moskowitz <rgm@xxxxxxxxxxxxxxx>:
>> On 03/11/2013 05:08 AM, Eero Volotinen wrote:
>>>>>      - Firewall and SELinux should be disabled.
>>>> Bad advice.
>>> This page also configures unsafe imap and pop settings. People should
>>> always enable only ssl-enabled versions of imap and pop.
>>
>> Just don't open those ports.  Then they only work locally.  For imap, that
>> works well with the local imap webmail software.
>>
>> Why should a local squirrelmail or roundcube server have to go through SSL to
>> the local dovecot server?
> Why not? It is always wise to use encrypted protocols when possible.

If the system is so hacked that there is a risk of snooping on 
localhost, you have larger issues.

And I develop cryptographic protocols.  Right now I am off to the IETF 
meeting.  I understand what encrypted protocols give and what they 
don't.  In this case, the user is validating the webmail cert for their 
TLS connection to webmail.  They don't even see the dovecot cert.  Maybe 
it is the same cert or maybe not.  But the point is it never gets to the 
user domain for validation.

Further, it may well be the case that webmail uses a single TLS channel 
to dovecot for all users?  Would have to look into that.


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

