monnerat
monnerat
> I've never heard of it. Are there many users? I don't know: however there are many users asking for the feature in mail clients. This is THE protocol allowing...
> I didn't even know what the protocol did before your PR here One more thing: sieve is the missing link between an SMTP/IMAP-based server and the proprietary server mentioned...
> ...the language is awkward... It is derived from ACAP: https://www.rfc-editor.org/info/rfc2244. > Is someone aware of a compilation of email providers / server software supporting ManageSieve? The protocol has been...
> AFAIU the former doesn't imply the latter. Yes, but we can logically hope it's not the case. > At least the few services I happen to know with Sieve...
> The services I know allow editing Sieve filters via their filter configuration web UI. This is what Horde groupware module ingo does, but it uses ManagesSieve at the server...
> one difference is that those all support implicit TLS. With ManageSieve there is no secure alternative I don't think `--ssl-reqd` is less secure than implicit TLS. The only potential...
> New paper on STARTTLS vulnerabilities: https://nostarttls.secvuln.info/ [paper] [via] Thanks for the link. Unfortunately the test tool used in this study does not include ManageSieve (targets SMTP/IMAP/POP3 only) and is...
I did a quick search for server-side ManageSieve support: Servers supporting ManageSieve: - Apache James https://james.apache.org/ - Cyrus IMAP https://www.cyrusimap.org/3.4/imap/reference/admin/sieve.html - Dovecot https://wiki1.dovecot.org/ManageSieve - Kolab https://docs.kolab.org/installation-guide/preparing-the-system.html#system-firewall - Archiveopterix https://archiveopteryx.org/sieve/ -...
> As per section 6.2.3 of RFC-9051 allow the fallback to a clear text LOGIN when a SASL based AUTHENTICATE fails. This also is an implicit recognition that 2 auth...
> ... some work to implement CURLOPT_SAFE_AUTH - that would satisfy the recommendation from RFC-9051. The goal of` CURLOPT_SAFE_AUTH` [PR](https://github.com/curl/curl/pull/8295) won't add a fallback mechanism. This is just a security...