how to use cyradm with imaps ?

Sébastien Rozier sebastien.rozier at cybergaia.org
Sun Apr 20 11:30:58 EDT 2008


Thanx for all your answers, but this is not my original question :-)
" In fact, I don't use and don't want to use TLS, but IMAP over SSL."
	I don't want ANYTHING running on port 143.
	I don't want imap daemon running on my server, only imaps.
	I still want to be able to use cyradm, and use it through imaps 993.

Is it possible ?

Thanx,
Seb

-----Message d'origine-----
De : Jorey Bump [mailto:list at joreybump.com] 
Envoyé : lundi 14 avril 2008 20:43
À : Andrew Morgan
Cc : Sébastien Rozier; info-cyrus at lists.andrew.cmu.edu
Objet : Re: how to use cyradm with imaps ?

Andrew Morgan wrote, at 04/14/2008 12:44 PM:

> Isn't there a way to have Cyrus listen on the regular IMAP port (143) 
> but require a secure connection to login?  Some trick with 
> allowplaintext and/or sasl_minimum_layer?

Yes. For example:

   sasl_pwcheck_method: auxprop
   sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
   allowplaintext: no
   sasl_minimum_layer: 128

To connect with cyradm using TLS:

   cyradm localhost -tls

> Who cares if you listen on 143 as long as people aren't sending 
> passwords in the clear.  TLS is as good as SSL.

Agreed. Furthermore, it stops a lot of brute force password cracking 
attempts dead in their tracks, since most don't attempt to use encrypted 
connections (they're looking for low hanging fruit, I guess).




More information about the Info-cyrus mailing list