SSL wrapped sieve support (ala "imaps") for timsieved

Ben Poliakoff benp at
Tue Jun 17 13:38:49 EDT 2003

Hi all,

Given that in many environments end user interactions with sieve scripts
are mediated by web based interfaces (that don't easily lend themselves
to authentication methods like SASL/GSSAPI), how much work might it be
to implement a separate SSL wrapped "sieves" port for timsieved?

Of course this sort of thing can by done with stunnel, but that requires
the server admin to set "allowplaintext: yes".  I'd dearly love to have
the same logic that applies to imapd apply to timsieved. 

In other words with "allowplaintext: no" have AUTH=PLAIN be available
*if* the context of the connection to timsieved is STARTTLS *or*
"sieve/ssl".  Given the number of people running webmail systems in
conjuction with cyrus-imap it seems like might be a welcome feature.

In a nutshell, I really love the "allowplaintext: no" setting and I'd
really like to keep from having to allowing plain text authentication.

I know the IANA isn't thrilled about the proliferation of multi-ported
services, but the "sieves" port wouldn't have to be set in stone since
it would probably be most used by admins setting up webmail sieve
environments (just pick an available high port).

Has anyone already done this in a patch?  Would anyone else like to see
this feature be available in cyrus-imapd/timsieved?  Do the developers
cringe at the thought of this feature?


Ben Poliakoff                                       email: <benp at>
Reed College                                          tel:  (503)-788-6674
Unix System Administrator      PGP key:
0x6AF52019 fingerprint = A131 F813 7A0F C5B7 E74D  C972 9118 A94D 6AF5 2019

More information about the Info-cyrus mailing list