Skip Navigation
InitialsDiceBearhttps://github.com/dicebear/dicebearhttps://creativecommons.org/publicdomain/zero/1.0/„Initials” (https://github.com/dicebear/dicebear) by „DiceBear”, licensed under „CC0 1.0” (https://creativecommons.org/publicdomain/zero/1.0/)DD
dylan_dofst @lemmy.ml
Posts 1
Comments 2
Lemmy Support @lemmy.ml dylan_dofst @lemmy.ml

Is this a terrible idea - receiving e-mail to reset accounts?

I'm working on setting up an instance but I don't want to deal with the hassle and expense of having it send e-mails.

I don't think the loss of e-mail notifications is that big a deal - people can just use an app for that. However, I don't want to lose the ability to reset accounts.

So I'm thinking about setting up an MTA on the same server as the Lemmy instance and setting up a script to read e-mails it receives for passwords. If the script receives an e-mail from an address attached to the account it will set the account's password in the database based on the content of the e-mail. Users will be encouraged after login to manually update their password again so it is not stored in plain text anywhere.

My main concern with this is I'm not sure if it would be as secure as sending a password reset e-mail (even aside from the temporary plain text password). I would have the MTA check SPF and DKIM records of course. Is there a significant risk of, e.g., malicious actors spoofing e-mails to hijack accounts?

1
*Permanently Deleted*
  • You're actually posting in a community on a different instance than yours right now.

    To answer your question one surefire way to find a community on another instance is to paste it into the search bar. There are other ways you can discover a community dynamically. E.g. [email protected]. If you're not logged in to the instance with the community you may see instructions on the sidebar for this.