-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Eric DV wrote: > Dear Squirrelmail experts, > I have a small home server debian based, with postfix/dovecot/squirrelmail > installed locally and working. Dovecot is used non-secured (no imaps) but > only on the 192.168.0.100 address (address of the server on the local > network). I want to use squirrelmail to read my email from outside. > Squirrelmail can configured to access it in particular, either through > cram-md5 or login auths. > In that situation, is it better (I mean more secure) to use : 1) auth > mechanim = cram-md5 or 2) auth mechanism = plain (using PAM authentication > for dovecot) ? That will determine dovecot configuration. In the specific instance you have described above, there is no difference between using the regular LOGIN method and CRAM-MD5, as all communication between SquirrelMail and the IMAP server is occuring essentially on localhost. (is there a reason you're not using 127.0.0.1 to connect? You cannot sniff the communication to localhost from a remote machine (other than logging into the box as root and sniffing localhost there). So, go for a trivial speed boost and use the LOGIN method. Then secure squirrelmail by using HTTPS, such as some mod_rewrite rules or the secure_login plugin. (I prefer the plugin, I find it more flexible but that's just me). - -- Chris Hilts tassium@xxxxxxxxxxxxxxxx SquirrelMail Developer -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (MingW32) iD8DBQFGOc2I98ixrK2vMtARAupCAJ4z1PSLOfAil9Fpr+ZfAF08TnCvxwCfRlAx D3QcODX2rtVdOHH1asBBkB4= =lTsD -----END PGP SIGNATURE----- ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ -- squirrelmail-users mailing list Posting Guidelines: http://www.squirrelmail.org/wiki/MailingListPostingGuidelines List Address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List Archives: http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995 List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
