requiring encryption but not from localhost?

tsg tsg at bugalux.com
Wed Jul 30 08:26:45 EDT 2003


30 Июль 2003 13:21, Вы написали:
> At 10:54 +0200 tsg wrote:
> >You can have a look here www.bugalux.com/mbman/ (do not forget last
> > slash!) there are conf files for all applications to build a secure mail
> > server. User can connect to Cyrus-IMAP only imaps/pop3s ports. All
> > connects without encryption refused.
>
> ..and those using TLS also refused. This isn't good enough I'm
> afraid--sorry. I need access to port 143 for modern clients to work
> properly.
>
In my conf file imapd.conf there is nothing about to refuse TLS encrypted 
connection, there line to refuse connection if ssf < 128, so all mail cients 
which is able to establish tls connection should be allowed.

> I forgot to say that at present we still need the use of the PLAIN
> mechanism. Is it possible to only accept PLAIN (and LOGIN, for that
> matter) after TLS or on the imaps port?
PLAIN (LOGIN) ower SSL/TLS is considered as secure.
>
> >Web-mail. Squiremail (version 1.4 and above) can connect to IMAP also
> > using SSL channel. Horde also. So you do not need any exception for
> > localhost. Jast place your webmail package under https tree in Apache.
>
> No.
>
> Squirrelmail requires PHP 4.3 (as I said in my original mail) for this to
> work. Placing it on an https server doesn't affect the IMAP traffic!
I am afraid, yes. You can compile it as loadable module to apache.
>
> Matt






More information about the Info-cyrus mailing list