1

Topic: [Feature request] 2FA/MFA

Hi,

After a brief search I got nothing, so apologies if this is answered already, but are there any plans/ideas about introducing two-factor authentication into the various authentication elements of iRedMail. I appreciate some things, such as IMAP/SMTP auth, are a bit more difficult to get right than, say, web consoles, but it seems like a good idea.

I look after a couple of pro-licensed servers if it's more of a pro feature, but due to them being in production, wouldn't be able to provide any testing earlier than beta or release candidate, unfortunately.

Regards,
Steve.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: [Feature request] 2FA/MFA

We have no plan to offer 2-factor authentication.

*) If you need this for webmail, it's better to ask in Roundcube or SOGo mailing list.
*) For SMTP service, ask in Postfix mailing list.
*) For IMAP/POP3 service, ask in Dovecot mailing list.

3

Re: [Feature request] 2FA/MFA

OK, if I get something working I'll post here so it can be Wiki'd or maybe integrated in the future.

Thanks,
Steve.

4

Re: [Feature request] 2FA/MFA

I would look at doing this in the Nginx/Apache level (if possible).

That wouldn't truly be using 2FA for a single application. Rather it would be first authenticating to Nginx, which then allows you to talk to the underlying web app so you can authenticate to it. The bad guys would have to break through two completely separate security systems.

There are good tutorials for Nginx as a reverse proxy. It's a lot easier to use for that than Apache. I'm still quite new to Nginx however, so anything I say about Nginx should be viewed with caution.

5

Re: [Feature request] 2FA/MFA

It's now 2019 and 2FA is more than needed now. What are the plans here?
Please have in mind that it could be, that in the EU it may become law in the near future to provide 2FA (see the plans for extending the DSGVO).

6

Re: [Feature request] 2FA/MFA

- For Roundcube, there's a plugin for this.
- For iRedAdmin-Pro, we have it on todo list, but not so high priority right now.

7

Re: [Feature request] 2FA/MFA

I've just installed iRedMail with SOGO (for family use) rather than RoundCube. Whilst RoundCube supports MFA, I was interested in the shared calendaring etc in SOGO, but disappointed to find it does not support MFA (yet).

Just wanted to add my 'vote' to request MFA is included in the near future.

8

Re: [Feature request] 2FA/MFA

For the 2FA/MFA support, you have to post this request to either Roundcube or SOGo mailing list, so that developers can hear you:

- Roundcube: https://roundcube.net/support/
- SOGo: https://sogo.nu/support.html

9 (edited by deweydb 2023-01-19 23:12:56)

Re: [Feature request] 2FA/MFA

ZhangHuangbin wrote:

For the 2FA/MFA support, you have to post this request to either Roundcube or SOGo mailing list, so that developers can hear you:

Dovecot now supports Oauth 2, so it should be theoretically possible?
doc [dot] dovecot [dot] org/configuration_manual/authentication/oauth2/

10

Re: [Feature request] 2FA/MFA

You're free to give it a try. smile