IMAP & SMTP password encryption type

Jobbedf · January 22, 2023, 1:53pm

SYSTEM INFORMATION
OS type and version	Ubuntu 20.04.5
Webmin version	Webmin 2.011
Virtualmin version	Virtualmin 7.5
Related packages	Dovecot/Postfix/Roundcube

Hello

I noticed that the password encryption type of my mailboxes in Virtualmin is set to plaintext.
I am using mail.domainname.be with an SSL certificate for the connection but still that excryption type is set to plaintext, isn’t that non encrypted, isn’t that dangerous? I also use roundcube (with SSL) via Virtualmin, what encryption type is hat there when logging in?
If so, how can I best modify this so that the password types are nocrypted.

Everything is at the default settings, both at dovecot, postfix and roundcube.

Dovecot User and Login Options:

Joe · January 23, 2023, 2:07am

It has to be plaintext because there is no overlap between Linux system user passwords and email protocol support. But, assuming you use TLS (via STARTTLS or SMTPS) for client connections, the password does not travel in plain text, it is only plain at each end.

The only way to avoid that would be to not use Linux/UNIX system users and instead use a dedicated mail user database (which I generally recommend against).

system · January 31, 2023, 2:08am

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.