> I want to setup some secure IMAP solution: > > 1. access IMAP via SSL from WAN (internet)
An SSL build of imapd will give you STARTTLS capability so the normal imap port/service will take care of this. > 2. access IMAP anyway from LAN Why? There are only two reasons I can think of for not wanting to use SSL on a LAN. 1) You have some *really* slow computers that take too long to do the math. 2) You want to do testing with a telnet session, or something like it. The second one can be solved by using openssl s_client. > 3. do not allow IMAP access via plaintext password from WAN An SSL/TLS connection is not plaintext, so the authentication mechanism can be anything. > 4. use another password for WAN access (for IMAP only) > 5. limit access to specific users (for WAN IMAP only) You might like to use two different builds of imapd, invoking one for LAN connections and the other for WAN connections. > my guess so far: > ad 1: just open IMAP/SSL port in firewall > ad 2: no firewall in LAN, no problem Possibly not good enough, depending on what you want. The packaged build of imapd will not do plaintext authentication over non-SSL connections. > ad 4: is there any solution but have another user? Yes, use a different authentication configuration. That's why I suggested two builds. Cheers, - Joel _______________________________________________ Imap-uw mailing list Imap-uw@u.washington.edu http://mailman2.u.washington.edu/mailman/listinfo/imap-uw