dovecot: tentando bloquear conexões não criptografadas

1

Curto e simples - não entendo por que isso ainda está funcionando.

Minhas configurações têm

disable_plaintext_auth = yes
ssl = required

que, de acordo com os documentos, significa

SSL/TLS is always required, even if non-plaintext authentication mechanisms are used. Any attempt to authenticate before SSL/TLS is enabled will cause an authentication failure.

E, no entanto, ainda posso

$ telnet 0 110
+OK Dovecot ready.
user xxxxxx
+OK
pass xxxxxx
+OK Logged in.
list
+OK 2 messages:
1 3761
2 4057
.
quit

O que estou fazendo de errado?

    
por hymie 26.09.2016 / 01:46

1 resposta

2

Note that plaintext authentication is always allowed (and SSL not required) for connections from localhost, as they're assumed to be secure anyway. This applies to all connections where the local and the remote IP addresses are equal. Also IP ranges specified by login_trusted_networks setting are assumed to be secure.

link

    
por 26.09.2016 / 08:11