How to Prevent unencrypted sieve logins
Nikolaus Rath
Nikolaus at rath.org
Tue Oct 18 11:28:34 EDT 2011
Hello,
I'm starting timsieved with
# grep sieve /etc/cyrus.conf
# useful if you need to give users remote access to sieve
sieve cmd="timsieved" listen="sieve" prefork=1 maxchild=15
# except for sieve (which deals automatically with Murder)
And imapd.conf contains (irrelevant entries removed manually):
# egrep -v '^(#|\s*$)' /etc/imapd.conf
allowanonymouslogin: no
allowplaintext: no
sasl_mech_list: PLAIN
sasl_minimum_layer: 192
sasl_pwcheck_method: auxprop saslauthd
sasl_saslauthd_path: /var/run/saslauthd_pam/mux
sasl_auxprop_plugin: sasldb
sasl_auto_transition: no
tls_cert_file: /etc/ssl/cyrus.crt
tls_key_file: /etc/ssl/cyrus.key
tls_ca_file: /etc/ssl/ca.crt
tls_ca_path: /etc/ssl/certs
tls_session_timeout: 1440
tls_cipher_list: TLSv1+HIGH:!aNULL:@STRENGTH
However, I'm still able to log into sieve without using any encryption
at all.
What do I need to do to prevent unencrypted transmission of the
password?
Cyrus 2.2.13.
Thanks,
-Nikolaus
--
»Time flies like an arrow, fruit flies like a Banana.«
PGP fingerprint: 5B93 61F8 4EA2 E279 ABF6 02CF A9AD B7F8 AE4E 425C
More information about the Info-cyrus
mailing list