thunderbird, IMAP, and STARTTLS
Paul Iadonisi
pri.rhl3 at iadonisi.to
Mon Oct 11 03:24:48 UTC 2004
On Sun, 2004-10-10 at 23:17, Alexander Dalloz wrote:
> Am Mo, den 11.10.2004 schrieb Sam Varshavchik um 4:53:
>
> > > Which IMAP server offers IMAP/TLS on port 143?
> >
> > Pretty much all of them.
>
> Ok, I always configures IMAPs with usage of port 993, simply because
> otherwise you can't force the users to use the secured connection. If
> you enable port 143 users tend to simply use IMAP - and then auth data
> goes over the line unencrypted, especially by those Outlook users using
> LOGIN.
Not true...just set allowplaintext to 'no' in your /etc/imapd.conf
(for Cyrus). If you're imap server uses SASL for network
authentication, it should the same setting, but possibly a different
filename path for imap servers other than cyrus. When you set this
option, the LOGINDISABLED capability will show up in the IMAP CAPABILITY
command, which does what the name implies. After STARTTLS is
negotiated, another CAPABILITY command will show that LOGINDISABLED is
no longer there, allowing login to proceed.
As an FYI, even if you're not using cyrus-imapd, the cyrus-imapd-utils
package can come in very handy...especially imtest and smtptest (really,
one is just a symlink to the other). It helps to flesh out these kind
of issues.
--
-Paul Iadonisi
Senior System Administrator
Red Hat Certified Engineer / Local Linux Lobbyist
Ever see a penguin fly? -- Try Linux.
GPL all the way: Sell services, don't lease secrets
More information about the fedora-devel-list
mailing list