Re: Mail Access Protocols

Subject: Re: Mail Access Protocols
Date: Wednesday 13 August 2003 10.08
From: Per-Olov Sjöholm <maillistuser+openbsd_misc_(_at_)_flowsystems_(_dot_)_se>
To: William Ahern <william_(_at_)_25thandClement_(_dot_)_com>

Hi!

Use TLS on port 143 or SSL on port 993. KMail, for example, supports both, but
MS Outlook supports just SSL.
Encrypted session with clear text passwords.

But first... create a cert with openssl.

Done!

I think clear text passwords are only supported if the session is encrypted.
If you don't want this behavior you have to recompile imap.


On Wednesday 13 August 2003 01.30, William Ahern wrote:
> On Tue, Aug 12, 2003 at 04:16:12PM -0700, joe angth wrote:
> > I just installed my first OpenBSD server, and I'm
> > interested in making it a mail server.
> >
> > I downloaded the imap-uw-2002.336 package and
> > installed it.  I noticed that it also comes with,
> > besides the imap daemon, a pop2 and pop3 server.  I
> > looked at inetd.conf and saw that there is already
> > popa3d daemon listed.  What's the difference between
> > popa3d and the uw pop3 daemons?
>
> UW's pop server supports STARTTLS style SSL. This means
> that the SSL/TLS can be negotiated after connecting,
> which means SSL over port 110 instead of 995. This
> is a good thing.
>
> > Another question is that I installed the imapd and put
> > it into inetd.  I then telnetted to localhost port 143
> > and tested to make sure that it installed and was
> > configured correctly.  I put in my user name a
> > password, but it would not let me log in.  Do I need
> > the other services provided by the uw-imap package?
> > Do I need to configure something else to get the imap
> > daemon working correctly?
>
> I believe that the default install doesn't allow plaintext
> passwords. This is a _very_ good thing. You should configure
> your mail client to use SSL (either over port 993 for imap,
> or using STARTTLS). If you must support plaintext mail
> client authentication, it's a good idea to disable shell
> access to those accounts, and make sure those accounts w/
> shell access know to use SSL properly w/ their mail clients.
> To get plaintext support w/ uw-imap, go to the uw-imap directory
> under /usr/ports/mail and install w/ a command similar to:
> 	FLAVOR=plaintext make install clean
> - Bill
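
The behaviour discussed in this thread (login refused on an unencrypted port 143 session, allowed once TLS is up) is visible in the IMAP capability list: RFC 3501 servers advertise LOGINDISABLED until STARTTLS has completed. The following is an added example, not part of the original messages and not uw-imap code; the server lines are constructed samples, and the greeting of a FLAVOR=plaintext build is an assumption.

```python
import re

# Constructed sample server lines (illustrative, not captured from a real host).
DEFAULT_GREETING = "* OK [CAPABILITY IMAP4REV1 STARTTLS LOGINDISABLED] mail.example.org ready"
AFTER_STARTTLS = "* CAPABILITY IMAP4REV1 AUTH=PLAIN AUTH=LOGIN"
# Assumed shape of the greeting from a build that permits plaintext logins.
PLAINTEXT_GREETING = "* OK [CAPABILITY IMAP4REV1 STARTTLS AUTH=LOGIN] mail.example.org ready"


def parse_capabilities(line):
    """Return the upper-cased capability atoms from a greeting's
    [CAPABILITY ...] response code or an untagged '* CAPABILITY' line."""
    m = (re.search(r"\[CAPABILITY\s+([^\]]*)\]", line, re.I)
         or re.match(r"\*\s+CAPABILITY\s+(.*)$", line.strip(), re.I))
    return {atom.upper() for atom in m.group(1).split()} if m else set()


def server_accepts_cleartext_login(pre_tls_line):
    """Audit check on the capabilities advertised before TLS: True if
    LOGIN is not forbidden, so a password could cross the wire in clear."""
    caps = parse_capabilities(pre_tls_line)
    return bool(caps) and "LOGINDISABLED" not in caps


def client_action(line, tls_active):
    """Decide what a careful client does next with its password."""
    caps = parse_capabilities(line)
    if not caps:
        return "unknown"            # no list seen: issue a CAPABILITY command
    if tls_active:
        return "refuse" if "LOGINDISABLED" in caps else "login-ok"
    if "STARTTLS" in caps:
        return "starttls-first"     # upgrade, then re-read capabilities
    return "refuse"                 # no TLS on offer: never send the password


if __name__ == "__main__":
    samples = [("default, port 143", DEFAULT_GREETING, False),
               ("after STARTTLS", AFTER_STARTTLS, True),
               ("plaintext build, port 143", PLAINTEXT_GREETING, False)]
    for name, line, tls in samples:
        note = ""
        if not tls:  # the audit check only applies to pre-TLS capabilities
            note = " | cleartext LOGIN accepted: %s" % server_accepts_cleartext_login(line)
        print("%s -> %s%s" % (name, client_action(line, tls), note))
```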


