Easily force secure access only to E-Mail

[IT_Architect]

Easily force secure-only access to E-Mail

I know about this: How to require secure connections for E-mail, but in this day of mobile devices we can't afford to have people giving away their login credentials every place they go when their device checks for E-Mail. It should be the default behavior to disallow unencrypted access to E-Mail, and have it survive re-write configs.

 

[Erulezz]

+1. Or a simpler way to disable plaintext_auth in dovecot.conf, something like exim.variables.conf.custom. Now after a dovecot update plaintext_auth is enabled again.

 

[IT_Architect]

+1. Or a simpler way to disable plaintext_auth in dovecot.conf, something like exim.variables.conf.custom. Now after a dovecot update plaintext_auth is enabled again.

The end game will no doubt end up being any remote access, including PHPMyAdmin, remote MySQL access, etc., but for now, the number one take-over method for spammers by far is people giving away their credentials through accessing their email from portable devices with an unencrypted connection. What makes the email part critical is everyone, including non-technical users, have email. No commercial email service, nor any other commercial service for that matter, has allowed unencrypted access in more than a decade. The people who should have to re-hack their configuration files every time they do an install or config rewrite, are the very few who want unencrypted access.