How to Prevent unencrypted sieve logins

Nikolaus Rath Nikolaus at
Tue Oct 18 11:28:34 EDT 2011


I'm starting timsieved with

# grep sieve /etc/cyrus.conf 
	# useful if you need to give users remote access to sieve
  	sieve		cmd="timsieved" listen="sieve" prefork=1 maxchild=15
	# except for sieve (which deals automatically with Murder)
And imapd.conf contains (irrelevant entries removed manually):

# egrep -v '^(#|\s*$)' /etc/imapd.conf
allowanonymouslogin: no
allowplaintext: no
sasl_mech_list: PLAIN
sasl_minimum_layer: 192
sasl_pwcheck_method: auxprop saslauthd
sasl_saslauthd_path: /var/run/saslauthd_pam/mux
sasl_auxprop_plugin: sasldb
sasl_auto_transition: no
tls_cert_file: /etc/ssl/cyrus.crt
tls_key_file: /etc/ssl/cyrus.key
tls_ca_file: /etc/ssl/ca.crt
tls_ca_path: /etc/ssl/certs
tls_session_timeout: 1440
tls_cipher_list: TLSv1+HIGH:!aNULL:@STRENGTH

However, I'm still able to log into sieve without using any encryption
at all.

What do I need to do to prevent unencrypted transmission of the

Cyrus 2.2.13.



 »Time flies like an arrow, fruit flies like a Banana.«

  PGP fingerprint: 5B93 61F8 4EA2 E279 ABF6  02CF A9AD B7F8 AE4E 425C

More information about the Info-cyrus mailing list