requiring encryption but not from localhost?
tsg at bugalux.com
Wed Jul 30 08:26:45 EDT 2003
30 Июль 2003 13:21, Вы написали:
> At 10:54 +0200 tsg wrote:
> >You can have a look here www.bugalux.com/mbman/ (do not forget last
> > slash!) there are conf files for all applications to build a secure mail
> > server. User can connect to Cyrus-IMAP only imaps/pop3s ports. All
> > connects without encryption refused.
> ..and those using TLS also refused. This isn't good enough I'm
> afraid--sorry. I need access to port 143 for modern clients to work
In my conf file imapd.conf there is nothing about to refuse TLS encrypted
connection, there line to refuse connection if ssf < 128, so all mail cients
which is able to establish tls connection should be allowed.
> I forgot to say that at present we still need the use of the PLAIN
> mechanism. Is it possible to only accept PLAIN (and LOGIN, for that
> matter) after TLS or on the imaps port?
PLAIN (LOGIN) ower SSL/TLS is considered as secure.
> >Web-mail. Squiremail (version 1.4 and above) can connect to IMAP also
> > using SSL channel. Horde also. So you do not need any exception for
> > localhost. Jast place your webmail package under https tree in Apache.
> Squirrelmail requires PHP 4.3 (as I said in my original mail) for this to
> work. Placing it on an https server doesn't affect the IMAP traffic!
I am afraid, yes. You can compile it as loadable module to apache.
More information about the Info-cyrus