STARTTLS Question

Scott Adkins adkinss at ohio.edu
Wed Oct 8 09:00:58 EDT 2003


--On Tuesday, October 07, 2003 6:25 PM -0400 Daniel Whelan 
<merlin at ophelan.com> wrote:

> I'll go ahead and answer my own question, as I evidently haven't been
> paying as much attention to the mailing list as I should have lately and
> found my solution buried back a couple months. On 30 July 2003 Matt
> Bernstein started a thread entitled "requiring encryption but not from
> localhost?", where Scott Adkins proposed a solution. I implemented
> something more or less like he proposed, and it worked. Specifically, I
> created a second imapd.conf (imapd-local.conf) and configured it with
> allowplaintext: yes. Then, I edited my cyrus.conf to look like the
> following:
>
> imaplocal   cmd="imapd -U 30 -C /etc/imapd-local.conf" listen="localhost:imaplocal" prefork=0 maxchild=100
> imap        cmd="imapd -U 30" listen="imap" prefork=0 maxchild=100
> imaps       cmd="imapd -s -U 30" listen="imaps" prefork=0 maxchild=100
>
> I couldn't get imaplocal to listen localhost on the imap port, so I
> defined an "imaplocal" port in /etc/services as port 144, and pointed
> webmail at that. All is well now...webmail from localhost gets plaintext,
> and everyone else gets IMAPS or IMAP/STARTTLS.

If I had to guess, the reason you couldn't get imaplocal to listen to
localhost:imap is probably because the imap and imaps services were
already listening on the imap/imaps ports, specifically *:imap and *:imaps.
I don't know what order Cyrus internally starts to configure the ports
for listening on, but that is likely the issue here (port binding).

The solution that should work is the following (trimmed for clarity):

  imaplocal cmd="imapd -C /etc/imapd-local.conf" listen="localhost:imap"
  imap      cmd="imapd"                          listen="hostname:imap"
  imaps     cmd="imapd -s"                       listen="hostname:imaps"

Whatever the hostname of your machine is should replace "hostname" in the
above configuration.  If you want to be able to telnet to the imaps port
on localhost for who knows what reason, then take "hostname" out of the
"imaps" line and just leave it as "imaps".

Hope that helps...
Scott
-- 
 +-----------------------------------------------------------------------+
      Scott W. Adkins                http://www.cns.ohiou.edu/~sadkins/
   UNIX Systems Engineer                  mailto:adkinss at ohio.edu
        ICQ 7626282                 Work (740)593-9478 Fax (740)593-1944
 +-----------------------------------------------------------------------+
     PGP Public Key available at http://www.cns.ohiou.edu/~sadkins/pgp/
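
The port-binding explanation in the reply above can be checked mechanically. This is an added example, not part of the original message or of Cyrus: it scans cyrus.conf service entries for listen= values that overlap, assuming (as the reply guesses) that a wildcard listener on a port blocks every other listener on that port. The function names and both sample configurations are constructed for illustration.

```python
import re

# Constructed samples. BROKEN is the layout the quoted message says it could
# not get working; FIXED is the layout proposed in the reply.
BROKEN = '''
imaplocal cmd="imapd -C /etc/imapd-local.conf" listen="localhost:imap"
imap      cmd="imapd"                          listen="imap"
imaps     cmd="imapd -s"                       listen="imaps"
'''
FIXED = '''
imaplocal cmd="imapd -C /etc/imapd-local.conf" listen="localhost:imap"
imap      cmd="imapd"                          listen="hostname:imap"
imaps     cmd="imapd -s"                       listen="hostname:imaps"
'''

# One service entry per line: a name, then key="value" pairs including listen=.
ENTRY = re.compile(r'^[ \t]*(\w+)[ \t]+.*?\blisten="([^"]+)"', re.M)

def parse_listeners(text):
    """Return [(service, host, port)]; host is '*' when listen= names only a port."""
    out = []
    for name, listen in ENTRY.findall(text):
        if listen.startswith("/"):      # UNIX-domain socket path, no TCP port
            continue
        host, sep, port = listen.rpartition(":")
        out.append((name, host.strip("[]") if sep else "*", port))
    return out

def bind_conflicts(text):
    """Return (service_a, service_b, port) for each overlapping pair.

    Assumption (the guess made in the reply): a wildcard listener on a port
    blocks any other listener on it, while two different specific hosts can
    share the port. Names are compared as written; "imap" vs "143" and
    "localhost" vs "127.0.0.1" are not resolved.
    """
    ls = parse_listeners(text)
    hits = []
    for i, (n1, h1, p1) in enumerate(ls):
        for n2, h2, p2 in ls[i + 1:]:
            if p1 == p2 and ("*" in (h1, h2) or h1 == h2):
                hits.append((n1, n2, p1))
    return hits

if __name__ == "__main__":
    for label, conf in (("wildcard imap", BROKEN), ("per-host imap", FIXED)):
        print(label, "->", bind_conflicts(conf) or "no overlap")
```

Running the same check on the live cyrus.conf also confirms that the service started with the allowplaintext configuration is the only one bound to localhost.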


More information about the Info-cyrus mailing list