Refuse IMAP without encryption
Andrew Morgan
morgan at orst.edu
Tue Apr 23 14:24:31 EDT 2013
On Tue, 23 Apr 2013, Paul van der Vlis wrote:
> Hello,
>
> Is it possible to refuse IMAP-access without encryption like TLS or SSL?
> I think this would be a good idea for security.
>
> And I would like to make an exception for localhost for the webmail. The
> webmail (Sogo) can do TLS or SSL, but normally I don't do that for
> localhost.
>
> I am using Cyrus 2.4.16 from Debian 7 (Wheezy).
You can create a second service entry for imapd in cyrus.conf. Have it
listen on localhost and on a different port, such as 1143. In imapd.conf,
set:
<service_name>_allowplaintext: 1
Where <service_name> is the name of the localhost service in cyrus.conf.
For example:
localimap cmd="/usr/local/cyrus/bin/imapd" listen="localhost:1143" proto="tcp4" prefork=10 maxchild=100
Then in imapd.conf:
localimap_allowplaintext: 1
Andy
More information about the Info-cyrus
mailing list