how to enable TLS encryption only?

lartc lartc at manchotnetworks.net
Fri Mar 30 08:49:05 EST 2007


Hi Joy,

your cyrus.conf probably looks something like:


START {
  recover       cmd="ctl_cyrusdb -r"
  idled         cmd="idled"
}

SERVICES {
  imap          cmd="imapd -p 2" listen="imap" prefork=0
  imaps         cmd="imapd -s" listen="imaps" prefork=0
  pop3          cmd="pop3d" listen="pop3" prefork=0
  pop3s         cmd="pop3d -s" listen="pop3s" prefork=0
  sieve         cmd="timsieved -p 2" listen="sieve" prefork=0
  lmtpunix      cmd="lmtpd" listen="/var/spool/postfix/public/lmtp" prefork=1
}

EVENTS {
  checkpoint    cmd="ctl_cyrusdb -c" period=5
  delprune      cmd="cyr_expire -E 3" at=0400
  tlsprune      cmd="tls_prune" at=1400
  squatter      cmd="squatter -r *" period=1440
}


kill or rem out the "imap" line leaving only "imaps" in the "SERVICES"
stanza -- you will only listen on 993 and take only secure connections.

cheers

charles


On Fri, 2007-03-30 at 15:32 +0530, JOYDEEP wrote:
> Carsten Mathaes wrote:
> > JOYDEEP wrote:
> >
> >   
> >> is it possible to enable the TLS encryption in cyrus? I don't need the
> >> certificate to authenticate the client. only the transportation will be
> >> encrypted.
> >>     
> >
> > Hi!
> >
> > A look at /cyrus-imapd_source/doc/install-configure.html
> >   
> 
> Hi Carsten,
> 
> Thanks a lot for your response. I have already done this with the help
> of Rudy.
> Now I want to restrict cyrus so that it only allows TLS encryption and
> nothing else.
> any suggestion ?
> have a nice day.
> 
> > shows:
> >
> > SSL, TLS, and OpenSSL
> >
> > [...]
> >
> > Configuring Cyrus with OpenSSL
> >
> > [...]
> >
> > 1. openssl req -new -x509 -nodes -out /var/imap/server.pem -keyout /var/imap/server.pem -days 365
> > [...]
> >
> > 2. Make sure to make key file(s) readable by the Cyrus user. For
> > example: chown cyrus /var/imap/server.pem
> >
> > 3. Add the following to /etc/imapd.conf to tell the server where to find
> > the certificate and key file (used for ALL services):
> > tls_cert_file: /var/imap/server.pem
> > tls_key_file: /var/imap/server.pem
> > [...]
> >
> > 4. You can test STARTTLS by using imtest:
> > imtest -t "" foobar.andrew.cmu.edu
> >
> > In your imapd.conf I think there must be a line like
> > imaps         cmd="imapd -s" listen="imaps" prefork=0
> >
> >
> > More details in your_source-tree/doc/
> >
> > Ciao!
> >
> > Carsten.
> > ----
> > Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
> >
> >
> >   
> 
-- 
"simplified chinese" is not nearly as easy as they would
have you believe ... a superlative oxymoron" --anonymous
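
An added example, not part of the original message or of Cyrus itself: a small audit that parses the SERVICES stanza of a cyrus.conf and lists the network listeners that still accept a connection without TLS from the first byte. It assumes a service is TLS-wrapped only when its cmd carries the -s flag (as in the imaps and pop3s lines above) and that a listen value starting with "/" is a local UNIX socket; the sample input is constructed from the configuration quoted in the message.

```python
import re
import shlex

# Constructed sample: the SERVICES stanza quoted in the message, before any edit.
SAMPLE_CONF = '''
START {
  recover       cmd="ctl_cyrusdb -r"
}
SERVICES {
  imap          cmd="imapd -p 2" listen="imap" prefork=0
  imaps         cmd="imapd -s" listen="imaps" prefork=0
  pop3          cmd="pop3d" listen="pop3" prefork=0
  pop3s         cmd="pop3d -s" listen="pop3s" prefork=0
  sieve         cmd="timsieved -p 2" listen="sieve" prefork=0
  lmtpunix      cmd="lmtpd" listen="/var/spool/postfix/public/lmtp" prefork=1
}
'''

def parse_services(conf_text):
    """Return {service_name: {option: value}} for the SERVICES stanza."""
    text = re.sub(r"#.*", "", conf_text)            # "rem out" lines are dropped
    stanza = re.search(r"SERVICES\s*\{(.*?)\}", text, re.S)
    services = {}
    if not stanza:
        return services
    for line in stanza.group(1).splitlines():
        tokens = shlex.split(line)                  # keeps cmd="a b c" as one token
        if not tokens:
            continue
        name, args = tokens[0], tokens[1:]
        services[name] = dict(a.split("=", 1) for a in args if "=" in a)
    return services

def cleartext_listeners(services):
    """Sorted names of network listeners whose cmd lacks -s (assumption: -s = TLS wrap)."""
    flagged = []
    for name, opts in services.items():
        if opts.get("listen", "").startswith("/"):  # UNIX socket, local only
            continue
        if "-s" not in shlex.split(opts.get("cmd", "")):
            flagged.append(name)
    return sorted(flagged)

if __name__ == "__main__":
    print(cleartext_listeners(parse_services(SAMPLE_CONF)))
```

Run it against the edited file to see which listeners remain once the "imap" line is commented out.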




More information about the Info-cyrus mailing list