
Re: Mail Access Protocols



Forgot to send it to the list as well...

/Per-Olov

----------  Forwarded Message  ----------

Subject: Re: Mail Access Protocols
Date: Wednesday 13 August 2003 10.08
From: Per-Olov Sjöholm <maillistuser+openbsd_misc_(_at_)_flowsystems_(_dot_)_se>
To: William Ahern <william_(_at_)_25thandClement_(_dot_)_com>

Hi !


Use TLS on port 143 or SSL port 993. Kmail for example supports both, but MS
Outlook supports just SSL.
Encrypted session with clear text passwords.

But first... create a cert with openssl.

Done !

I think clear text passwords are only supported if the session is encrypted.
If you don't want this behavior you have to recompile imap.

Regards
/Per-Olov

On Wednesday 13 August 2003 01.30, William Ahern wrote:
> On Tue, Aug 12, 2003 at 04:16:12PM -0700, joe angth wrote:
> > I just installed my first OpenBSD server, and I'm
> > interested in making it a mail server.
> >
> > I downloaded the imap-uw-2002.336 package and
> > installed it.  I noticed that it also comes with,
> > besides the imap daemon, a pop2 and pop3 server.  I
> > looked at inetd.conf and saw that there is already
> > popa3d daemon listed.  What's the difference between
> > popa3d and the uw pop3 daemons?
>
> UW's pop server supports STARTTLS style SSL. This means
> that the SSL/TLS can be negotiated after connecting,
> which means SSL over port 110 instead of 995. This
> is a good thing.
>
> > Another question is that I installed the imapd and put
> > it into inetd.  I then telnetted to localhost port 143
> > and tested to make sure that it installed and was
> > configured correctly.  I put in my user name and
> > password, but it would not let me log in.  Do I need
> > the other services provided by the uw-imap package?
> > Do I need to configure something else to get the imap
> > daemon working correctly?
>
> I believe that the default install doesn't allow plaintext
> passwords. This is a _very_ good thing. You should configure
> your mail client to use SSL (either over port 993 for imap,
> or using STARTTLS). If you must support plaintext mail
> client authentication, it's a good idea to disable shell
> access to those accounts, and make sure those accounts w/
> shell access know to use SSL properly w/ their mail clients.
>
> To get plaintext support w/ uw-imap, go to the uw-imap directory
> under /usr/ports/mail and install w/ a command similar to:
>
> 	FLAVOR=plaintext make install clean
>
> - Bill

-------------------------------------------------------
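
Added example, not part of the original messages and not uw-imap code: the behaviour discussed in the thread (LOGIN refused on port 143 until the session is encrypted) is advertised by an IMAP server through the STARTTLS and LOGINDISABLED capabilities of RFC 3501, and this sketch classifies one capability line accordingly. The function names, verdict strings and sample lines are assumptions constructed for illustration.

```python
import re

# Capability data arrives either in the greeting ("* OK [CAPABILITY ...] text")
# or as an untagged reply to the CAPABILITY command ("* CAPABILITY ...").
_CAP_RE = re.compile(
    r"^\* (?:(?:OK|PREAUTH) \[CAPABILITY ([^\]]*)\]|CAPABILITY (.*))", re.I)


def parse_capabilities(line):
    """Return the upper-cased capability atoms in one server line, or None."""
    m = _CAP_RE.match(line.strip())
    if not m:
        return None
    return set((m.group(1) or m.group(2) or "").upper().split())


def login_policy(line, encrypted=False):
    """Classify how a client may send LOGIN, given one capability line."""
    caps = parse_capabilities(line)
    if caps is None:
        return "unknown"
    if "LOGINDISABLED" not in caps:
        # Server accepts LOGIN; only the transport decides who can read it.
        return "login-over-tls" if encrypted else "cleartext-login-allowed"
    if encrypted:
        return "login-disabled"
    return "starttls-required" if "STARTTLS" in caps else "no-login-path"


# Constructed sample lines (host names and capability lists are made up).
SAMPLES = [
    ("143 default", "* OK [CAPABILITY IMAP4REV1 STARTTLS LOGINDISABLED] "
                    "mail.example.org ready", False),
    ("143 after STARTTLS", "* CAPABILITY IMAP4REV1 AUTH=PLAIN", True),
    ("143 plaintext build", "* OK [CAPABILITY IMAP4REV1 STARTTLS AUTH=LOGIN] "
                            "mail.example.org ready", False),
    ("not capability data", "* OK mail.example.org ready", False),
]


def audit(samples=SAMPLES):
    """Return (label, verdict) pairs for each constructed sample."""
    return [(label, login_policy(line, enc)) for label, line, enc in samples]


if __name__ == "__main__":
    for label, verdict in audit():
        print(f"{label:22} {verdict}")
```

A "cleartext-login-allowed" verdict on port 143 is the case the thread warns about: passwords for those accounts can cross the network unencrypted unless every client is configured for STARTTLS or port 993.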


