Restricting IMAP (143) port just for Squirrelmail?

Rob Siemborski rjs3 at
Wed Jun 11 13:32:52 EDT 2003

On Wed, 11 Jun 2003, Mark London wrote:

> I would like to restrict Cyrus to only allow users to use IMAPS, not plain
> IMAP.  However, I was told that would break Squirrelmail, unless I opened
> access to IMAP (port 143) for the node that Squirrelmail was running on.
> But I'm running XINETD on Redhat, and I've read Cyrus doesn't use that.
> I would need another TCP wrapper program (and not sure if even if I installed
> it, whether it's compatible with Xinetd).  Is that true, or is there an easier
> way to do it?  Another thought I had was to simply have IMAP running on a
> non-standard port number, and have configure Squirrelmail use that port
> (is that possible?).  Thanks.  -  Mark

Well you can always just disallow plaintext logins (allowplaintext: f).
This won't stop really dumb clients from sending the password in the clear
anyway, but its a step in the right direction.  This will also allow
STARTTLS clients to still operatate.

Also, Squirrelmail does support TLS connections (but not IMAPs), from a
brief read of their source (atleast in the 1.4 series).

Worst case, a firewall running on your IMAP server to only allow
connections on 143 from your squirrelmail host can be your friend.


Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper

More information about the Info-cyrus mailing list