How to _mandatory upgrade to TLS_ with sieve or other cyrus services?
Andrew Morgan
morgan at orst.edu
Fri Jul 10 12:02:31 EDT 2009
On Fri, 10 Jul 2009, Thomas Harding wrote:
> Hello,
> I use imaps with a single CA (home made), which make me able to filter
> users basing on trusted-CA signed certificates.
>
> This allows me to restrict user's login on their ability to present
> a certificate signed by my CA, and only by it (that's what I hope),
> as I disabled all services but imaps and sieve.
>
> However, I can't find how to obtain the same behavior with sieve :
> it still allows non-encrypted sessions.
>
> My version is a Debian packaged one:
> ii cyrus-imapd-2.2 2.2.13-14+b3
>
>
> Here the relevant lines of my /etc/imapd.conf :
> tls_cert_file: /etc/ssl/certs/xxxxxxxxxxx.pem
> tls_key_file: /etc/ssl/private/xxxxxxxxxxxxxx.key.pem
> tls_ca_file: /etc/ssl/certs/xxxxxxxxxxxx.pem
> tls_require_cert: true
>
> How to disable non-TLS sessions on sieve, and more generally for any
> cyrus service?
I can't remember if this setting was in Cyrus 2.2 versions, but have you
tried setting:
allowplaintext: 0
in your imapd.conf?
Andy
More information about the Info-cyrus
mailing list