Restricting IMAP (143) port just for Squirrelmail?
rjs3 at andrew.cmu.edu
Wed Jun 11 13:32:52 EDT 2003
On Wed, 11 Jun 2003, Mark London wrote:
> I would like to restrict Cyrus to only allow users to use IMAPS, not plain
> IMAP. However, I was told that would break Squirrelmail, unless I opened
> access to IMAP (port 143) for the node that Squirrelmail was running on.
> But I'm running XINETD on Redhat, and I've read Cyrus doesn't use that.
> I would need another TCP wrapper program (and not sure if even if I installed
> it, whether it's compatible with Xinetd). Is that true, or is there an easier
> way to do it? Another thought I had was to simply have IMAP running on a
> non-standard port number, and have configure Squirrelmail use that port
> (is that possible?). Thanks. - Mark
Well you can always just disallow plaintext logins (allowplaintext: f).
This won't stop really dumb clients from sending the password in the clear
anyway, but its a step in the right direction. This will also allow
STARTTLS clients to still operatate.
Also, Squirrelmail does support TLS connections (but not IMAPs), from a
brief read of their source (atleast in the 1.4 series).
Worst case, a firewall running on your IMAP server to only allow
connections on 143 from your squirrelmail host can be your friend.
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper
More information about the Info-cyrus