Restricting IMAP (143) port just for Squirrelmail?

[Ken Murchison]

Rob Siemborski wrote:
> On Wed, 11 Jun 2003, Mark London wrote:
> 
> 
>>I would like to restrict Cyrus to only allow users to use IMAPS, not plain
>>IMAP.  However, I was told that would break Squirrelmail, unless I opened
>>access to IMAP (port 143) for the node that Squirrelmail was running on.
>>But I'm running XINETD on Redhat, and I've read Cyrus doesn't use that.
>>I would need another TCP wrapper program (and not sure if even if I installed
>>it, whether it's compatible with Xinetd).  Is that true, or is there an easier
>>way to do it?  Another thought I had was to simply have IMAP running on a
>>non-standard port number, and have configure Squirrelmail use that port
>>(is that possible?).

Yes.  You can have Cyrus imapd listen on whatever ports you want.  You 
could also restrict it to listen on a particular interface.

> 
> Well you can always just disallow plaintext logins (allowplaintext: f).
> This won't stop really dumb clients from sending the password in the clear
> anyway, but its a step in the right direction.  This will also allow
> STARTTLS clients to still operatate.
> 
> Also, Squirrelmail does support TLS connections (but not IMAPs), from a
> brief read of their source (atleast in the 1.4 series).
> 
> Worst case, a firewall running on your IMAP server to only allow
> connections on 143 from your squirrelmail host can be your friend.


Cyrus also supports tcpwrappers, which make be of some help.



-- 
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp