Disallow cleartext on the wire
Adam Tauno Williams
awilliam at whitemice.org
Mon Jan 10 07:00:13 EST 2011
On Sun, 2011-01-09 at 14:40 -0800, Dudi Goldenberg wrote:
> >I am using Thunderbird to test with. I want completely disallow logins
> >without TLS for IMAP.
> Have a look at /etc/cyrus.conf:
> SERVICES {
> # --- Normal cyrus spool, or Murder backends ---
> # add or remove based on preferences
> imap cmd="imapd -U 30" listen="imap" prefork=0 maxchild=100
> imaps cmd="imapd -s -U 30" listen="imaps" prefork=0 maxchild=100
> # pop3 cmd="pop3d -U 30" listen="pop3" prefork=0 maxchild=50
> #pop3s cmd="pop3d -s -U 30" listen="pop3s" prefork=0 maxchild=50
> #nntp cmd="nntpd -U 30" listen="nntp" prefork=0 maxchild=100
> #nntps cmd="nntpd -s -U 30" listen="nntps" prefork=0 maxchild=100
>
> Just hash out imap and restart cyrus.
Incorrect. That disables IMAP (TCP/143) and leaves IMAP-over-SSL.
Secure IMAP (IMAP w/TLS) still uses TCP/143. IMAP-over-SSL is rather
hackish.
More information about the Info-cyrus
mailing list