[wplug-bsd] Dovecot IMAP and FreeBSD
Brandon Kuczenski
brandon at 301south.net
Thu Nov 11 21:37:19 EST 2004
Bill -- IIRC, you recommended the 'dovecot' IMAP client. I installed the
port because it seems to do everything I want it to do, and be
straightforward to configure.
However, because I anticipate that IMAP will be the most-used service of
this box once I enable it (replacing ssh), I want to make sure I got the
security right.
First of all, I don't have to use SSL as long as I use an md5-style
password-hashing routine, right? Then passwords are encrypted but emails
themselves are sent in plaintext?
Second, I don't want my users to use their shell account passwords for
IMAP. It looks as though I can specify one file (say, /etc/passwd) for
the user database, and then use a separate file (say, /etc/imap.passwd)
for the password repository. My question: how do I create the password
hashes that go in that password file?
I think those are all my questions. Then, am I correct in saying that
I can open port 143 (and, obviously, start dovecot) and people can connect
to port 143, authenticate securely, and read their mail from remote?
-Brandon
More information about the wplug-bsd
mailing list