On Wed, Nov 08, 2006 at 10:16:42PM -0800, Curtis Doty wrote:
> > > How on earth do I positively disable the STLS CAPA on POP3? Or is this
> >
> > Turn off POP3AUTH_TLS in the pop3d configuration file.
>
> But of course that was the first thing I tried. Along with
> POP3_STARTTLS=NO and then a few more guesses. All to no avail. :-(
>
> Your response however, gave me a second wind. And I eventually found what
> appears to be causing the problem in pop3d.rc. It is sourcing
> etc/pop3d-ssl *after* the expected etc/pop3d conf is sourced.

And so?

> So that even if I have POP3AUTH_TLS="" in etc/pop3d, it makes no
> difference and STLS is still enabled due to the POP3_STARTTLS=YES
> inadvertently getting sucked in from etc/pop3d-ssl.

There's nothing "inadvertent" about that. POP3AUTH_TLS and POP3_STARTTLS are
two completely different settings, with different meanings.

* POP3_STARTTLS says whether to announce the 'STLS' capability

* POP3AUTH_TLS says which authentication mechanisms to announce after
  the client has enabled TLS (as opposed to POP3AUTH, which says which
  authentication mechanisms to announce *before* the client has enabled TLS)

Now, given that POP3_STARTTLS lives in the 'pop3d-ssl' file, then that's
where you are supposed to modify it.

You are not supposed to copy settings from one file to another. If you do,
they will be removed when you later upgrade the software and do 'make
install-configure', since sysconfigtool will remove all settings which it
believes should not be in a particular file.

> One easy hack is to flip the sourcing order in the run commands and then
> explicitly state POP3_STARTTLS=NO in the non-ssl conf. Supposing
> pop3d-ssl.rc will still work with its different order?

But why do that? Why not just set POP3_STARTTLS=NO in the pop3d-ssl file,
which is where the setting is intended to live anyway?

Now, you could argue about MrSam's choice of having two config files instead
of one. Given that there are two, you could also argue about which settings
belong in which file if you like. However the situation as it stands is like
this:

'pop3d-ssl' contains some settings which affect only the pop3s daemon on
port 995 (like SSLPORT); some other settings which affect only the pop3
daemon on port 110 (like POP3_STARTTLS); and some settings which affect both
(like TLS_PROTOCOL)

So you might argue that POP3_STARTTLS and POP3_TLS_REQUIRED ought to belong
in 'pop3' rather than 'pop3-ssl', but if you try them I think you'll find
they work just fine where they are.

Regards,

Brian.
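
Added example, not part of the original message and not Courier's own code: a shell check for the behaviour discussed in this thread, where etc/pop3d is sourced first and etc/pop3d-ssl second, so a setting present in both files takes its value from pop3d-ssl. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Report the effective value of a pop3d setting when the main config file is
# sourced first and the -ssl file second (the order described in the thread),
# and say which file supplied it.

# value_in NAME FILE: print NAME's value as set by FILE alone; status 1 if
# FILE does not set NAME. Runs in a subshell so nothing leaks to the caller.
value_in() {
    (
        unset "$1"
        . "$2" >/dev/null 2>&1
        eval "[ \"\${$1+set}\" = set ] && printf '%s' \"\${$1}\""
    )
}

# effective_setting NAME MAIN_CONF SSL_CONF: the file sourced later wins.
effective_setting() {
    if v=$(value_in "$1" "$3"); then
        printf '%s=%s (from %s)\n' "$1" "$v" "$3"
    elif v=$(value_in "$1" "$2"); then
        printf '%s=%s (from %s)\n' "$1" "$v" "$2"
    else
        printf '%s is not set\n' "$1"
    fi
}

# Constructed sample files reproducing the situation in the thread:
# POP3_STARTTLS=NO was added to pop3d, but pop3d-ssl still says YES.
demo() {
    d=$(mktemp -d) || return 1
    printf 'POP3AUTH_TLS=""\nPOP3_STARTTLS=NO\n' > "$d/pop3d"
    printf 'POP3_STARTTLS=YES\nSSLPORT=995\n' > "$d/pop3d-ssl"
    effective_setting POP3_STARTTLS "$d/pop3d" "$d/pop3d-ssl"
    effective_setting POP3AUTH_TLS  "$d/pop3d" "$d/pop3d-ssl"
    rm -rf "$d"
}
demo
```

The files are sourced, as the start script does, so point the check only at configuration files that script would read anyway.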
