From 155495deb2ada2eda99fa4bf809830a0b506e51d Mon Sep 17 00:00:00 2001
From: Peter Simons <simons@cryp.to>
Date: Fri, 21 Sep 2012 12:26:53 +0200
Subject: [PATCH] modules/services/mail/dovecot2.nix: accept plain text
 authentication only over secure channels when TLS is available

Connects from 'localhost' are always considered secure.
---
 modules/services/mail/dovecot2.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/services/mail/dovecot2.nix b/modules/services/mail/dovecot2.nix
index 14355f51e3d..2054b80d0b1 100644
--- a/modules/services/mail/dovecot2.nix
+++ b/modules/services/mail/dovecot2.nix
@@ -17,6 +17,7 @@ let
       ssl_cert_file = ${cfg.sslServerCert}
       ssl_key_file = ${cfg.sslServerKey}
       ssl_ca_file = ${cfg.sslCACert}
+      disable_plaintext_auth = yes
     '' else ''
       ssl = no
       disable_plaintext_auth = no