Michael Lucas¹ :flan_molotov: on Nostr: "Dovecot considers connections from the local host secure. If you test the STARTTLS ...
"Dovecot considers connections from the local host secure. If you test the STARTTLS requirement from the host running Dovecot you’ll find it accepts plain text credentials. It refuses unencrypted credentials from other hosts, however." #ryoms
I just spent two hours learning this detail. Two hours of screaming "WHY IS THIS ACCEPTING PLAINTEXT VIA NETCAT FROM THE LOCAL HOST???!?"
Published at
2024-01-24 16:03:29Event JSON
{
"id": "16c185d219506bb7b85794e393c38ae7c3bcf12f9aee64db0f3fb33af520c4fb",
"pubkey": "967c6f3bb809d3ae791381503ec70d0da6a7ec7366f83b7c046e72d0a0748e98",
"created_at": 1706112209,
"kind": 1,
"tags": [
[
"t",
"RYOMS"
],
[
"proxy",
"https://io.mwl.io/users/mwl/statuses/111811769753403150",
"activitypub"
]
],
"content": "\"Dovecot considers connections from the local host secure. If you test the STARTTLS requirement from the host running Dovecot you’ll find it accepts plain text credentials. It refuses unencrypted credentials from other hosts, however.\" #ryoms \n\nI just spent two hours learning this detail. Two hours of screaming \"WHY IS THIS ACCEPTING PLAINTEXT VIA NETCAT FROM THE LOCAL HOST???!?\"",
"sig": "d2d3c0d298e3962fa212658dfd246e371a5b22e8742bf8d0689f90a6a728598a72b9a9720bf49b468d975a7f626948895fed1eee28b535cb95ec1545dccf3ae1"
}