how to enable TLs encryption only ?
lartc
lartc at manchotnetworks.net
Fri Mar 30 08:49:05 EST 2007
Ho Joy,
your cyrus.conf probably looks something like:
START {
recover cmd="ctl_cyrusdb -r"
idled cmd="idled"
}
SERVICES {
imap cmd="imapd -p 2" listen="imap" prefork=0
imaps cmd="imapd -s" listen="imaps" prefork=0
pop3 cmd="pop3d" listen="pop3" prefork=0
pop3s cmd="pop3d -s" listen="pop3s" prefork=0
sieve cmd="timsieved -p 2" listen="sieve" prefork=0
lmtpunix cmd="lmtpd" listen="/var/spool/postfix/public/lmtp"
prefork=1
}
EVENTS {
checkpoint cmd="ctl_cyrusdb -c" period=5
delprune cmd="cyr_expire -E 3" at=0400
tlsprune cmd="tls_prune" at=1400
squatter cmd="squatter -r *" period=1440
}
kill or rem out the "imap" line leaving only "imaps" in the "SERVICES"
stanza -- you will only listen on 993 and take only secure connections.
cheers
charles
On Fri, 2007-03-30 at 15:32 +0530, JOYDEEP wrote:
> Carsten Mathaes wrote:
> > JOYDEEP wrote:
> >
> >
> >> is it possible to enable the TLs encryption in cyrus ? I don't need the
> >> certificate to authenticate the client. only the transportation will be
> >> encrypted.
> >>
> >
> > Hi!
> >
> > A look at /cyrus-imapd_source/doc/install-configure.html
> >
>
> Hi Carsten,
>
> Thanks a lot for your response. I have already done this with the help
> of Rudy.
> Now I want to restrict cyrus so that it only allow TLS encrption and
> nothing else.
> any suggestion ?
> have a nice day.
>
> > shows:
> >
> > SSL, TLS, and OpenSSL
> >
> > [...]
> >
> > Configuring Cyrus with OpenSSL
> >
> > [...]
> >
> > 1. openssl req -new -x509 -nodes -out /var/imap/server.pem -keyout
> > /var/imap/server.pem -days 365
> > [...]
> >
> > 2. Make sure to make key file(s) readable by the Cyrus user. For
> > example: chown cyrus /var/imap/server.pem
> >
> > 3. Add the following to /etc/imapd.conf to tell the server where to find
> > the certificate and key file (used for ALL services):
> > tls_cert_file: /var/imap/server.pem
> > tls_key_file: /var/imap/server.pem
> > [...]
> >
> > 4. You can test STARTTLS by using imtest:
> > imtest -t "" foobar.andrew.cmu.edu
> >
> > In your imapd.conf I think there must be a line like
> > imaps cmd="imapd -s" listen="imaps" prefork=0
> >
> >
> > More details in your_source-tree/doc/
> >
> > Ciao!
> >
> > Carsten.
> > ----
> > Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
> >
> >
> >
>
> ----
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
--
"simplified chinese" is not nearly as easy as they would
have you believe ... a superlative oxymoron" --anonymous
More information about the Info-cyrus
mailing list