> I want to setup some secure IMAP solution:
>
> 1. access IMAP via SSL from WAN (internet)
An SSL build of imapd will give you STARTTLS capability so the normal
imap port/service will take care of this.
> 2. access IMAP anyway from LAN
Why? There are only two reasons I can think of for not wanting to use SSL
on a LAN.
1) You have some *really* slow computers that take too long to do the math.
2) You want to do testing with a telnet session, or something like it.
The second one can be solved by using openssl s_client.
> 3. do not allow IMAP access via plaintext password from WAN
An SSL/TLS connection is not plaintext, so the authentication mechanism
can be anything.
> 4. use another password for WAN access (for IMAP only)
> 5. limit access to specific users (for WAN IMAP only)
You might like to use two different builds of imapd, invoking one for
LAN connections and the other for WAN connections.
> my guess so far:
> ad 1: just open IMAP/SSL port in firewall
> ad 2: no firewall in LAN, no problem
Possibly not good enough, depending on what you want. The packaged build
of imapd will not do plaintext authentication over non-SSL connections.
> ad 4: is there any solution but have another user?
Yes, use a different authentication configuration. That's why I suggested
two builds.
Cheers,
- Joel
_______________________________________________
Imap-uw mailing list
Imap-uw@u.washington.edu
http://mailman2.u.washington.edu/mailman/listinfo/imap-uw
