STARTTLS available?
Marten Lehmann
lehmann at cnm.de
Mon Oct 23 13:25:03 EDT 2006
Hello,
> Good, now show us your imapd.conf and any tls errors that appear in your
> log.
configdirectory: /cyrus/config
partition-default: /cyrus/spool
admins: cyrus
sievedir: /cyrus/config/sieve
sendmail: /usr/sbin/sendmail
altnamespace: true
hashimapspool: true
unixhierarchysep: true
virtdomains: userid
allowusermoves: true
sasl_pwcheck_method: getpwent auxprop saslauthd
sasl_mech_list: PLAIN
servername: test
imaps_tls_cert_file: /cyrus/certs/imap.crt
imaps_tls_key_file: /cyrus/certs/imap.key
pop3s_tls_cert_file: /cyrus/certs/pop3.crt
pop3s_tls_key_file: /cyrus/certs/pop3.key
lmtp_over_quota_perm_failure: true
munge8bit: true
username_tolower: true
There are no tls errors as TLS is working fine. Remember: pop3s is
running with ssl on port 995 all the time, same with imaps on port 993.
Whereas pop3 on port 110 and imap on port 143 are usually not encrypted.
But with STARTTLS you can encrypt the session while still connecting to
port 110/143, while you usually have to connect to the special ports to
get encrypted connections. However, the server must show that he
supports STARTTLS by mentioning it on the CAPABILITIES list, otherwise
clients aren't trying to use it.
Regards
Marten
More information about the Info-cyrus
mailing list