[wplug-bsd] Dovecot IMAP and FreeBSD

Brandon Kuczenski brandon at 301south.net
Thu Nov 11 21:37:19 EST 2004


Bill -- IIRC, you recommended the 'dovecot' IMAP client.  I installed the
port because it seems to do everything I want it to do, and be
straightforward to configure.

However, because I anticipate that IMAP will be the most-used service of
this box once I enable it (replacing ssh), I want to make sure I got the
security right.

First of all, I don't have to use SSL as long as I use an md5-style
password-hashing routine, right?  Then passwords are encrypted but emails
themselves are sent in plaintext?

Second, I don't want my users to use their shell account passwords for
IMAP.  It looks as though I can specify one file (say, /etc/passwd) for
the user database, and then use a separate file (say, /etc/imap.passwd)
for the password repository.  My question: how do I create the password
hashes that go in that password file?

I think those are all my questions.  Then, am I correct in saying that
I can open port 143 (and, obviously, start dovecot) and people can connect
to port 143, authenticate securely, and read their mail from remote?

-Brandon



More information about the wplug-bsd mailing list