STARTTLS Question
Daniel Whelan
merlin at ophelan.com
Tue Oct 7 18:25:08 EDT 2003
I'll go ahead and answer my own question, as I evidently haven't been
paying as much attention to the mailing list as I should have lately and
found my solution buried back a couple months. On 30 July 2003 Matt
Bernstein started a thread entitled "requiring encryption but not from
localhost?", where Scott Adkins proposed a solution. I implemented
something more or less like he proposed, and it worked. Specifically, I
created a second imapd.conf (imapd-local.conf) and configured it with
allowplaintext: yes. Then, I edited my cyrus.conf to look like the
following:
imaplocal cmd="imapd -U 30 -C /etc/imapd-local.conf" listen="localhost:ima
plocal" prefork=0 maxchild=100
imap cmd="imapd -U 30" listen="imap" prefork=0 maxchild=100
imaps cmd="imapd -s -U 30" listen="imaps" prefork=0 maxchild=100
I couldn't get imaplocal to listen localhost on the imap port, so I defined
an "imaplocal" port in /etc/services as port 144, and pointed webmail at
that. All is well now...webmail from localhost gets plaintext, and everyone
else gets IMAPS or IMAP/STARTTLS.
Now I just need to finish documenting every mail client known to man...
(Mozilla, Outlook, Eudora, Mac Mail, Mulberry, mutt, pine, etc).
Daniel
> This wasn't actually my original question, but if I set allowplaintext to
> no, my webmail no longer is able to connect (as it wants an unencrypted
> connection). So, I'll ask a more complicated question:
>
> Can I selectively allow 127.0.0.1 to connect plaintext? Alternately, can
> I allow port X to be plaintext (and limited via tcpwrappers) and have
> port Y be no plaintext? Hopefully I'm not being too confusing.
More information about the Info-cyrus
mailing list