Restricting IMAP (143) port just for Squirrelmail?
ken at oceana.com
Wed Jun 11 14:12:35 EDT 2003
Rob Siemborski wrote:
> On Wed, 11 Jun 2003, Mark London wrote:
>>I would like to restrict Cyrus to only allow users to use IMAPS, not plain
>>IMAP. However, I was told that would break Squirrelmail, unless I opened
>>access to IMAP (port 143) for the node that Squirrelmail was running on.
>>But I'm running XINETD on Redhat, and I've read Cyrus doesn't use that.
>>I would need another TCP wrapper program (and not sure if even if I installed
>>it, whether it's compatible with Xinetd). Is that true, or is there an easier
>>way to do it? Another thought I had was to simply have IMAP running on a
>>non-standard port number, and have configure Squirrelmail use that port
>>(is that possible?).
Yes. You can have Cyrus imapd listen on whatever ports you want. You
could also restrict it to listen on a particular interface.
> Well you can always just disallow plaintext logins (allowplaintext: f).
> This won't stop really dumb clients from sending the password in the clear
> anyway, but its a step in the right direction. This will also allow
> STARTTLS clients to still operatate.
> Also, Squirrelmail does support TLS connections (but not IMAPs), from a
> brief read of their source (atleast in the 1.4 series).
> Worst case, a firewall running on your IMAP server to only allow
> connections on 143 from your squirrelmail host can be your friend.
Cyrus also supports tcpwrappers, which make be of some help.
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
More information about the Info-cyrus