On 28 Mar 2002, Clifford Thurber writes:

> At 01:40 PM 3/27/2002 -0800, you wrote:
>> will allow connections to the imaps and pop3s ports, and for
>> STARTTLS to work on the standard IMAP port, with no manual
>> post-install configuration by the user at all related to SSL/TLS.

> This is very cool. Is adding TLS support to IMAP documented
> anywhere? What is the basic procedure? Thanks

As I eventually discovered the hard way (!), the information is in the
install-configure.html file that comes with cyrus-imapd 2.0.16 (and
2.1.3, though I have not yet tried it with that version).

In essence for cyrus-imapd 2.0.16 you just:

(1) Create a key file:

  openssl req -new -x509 -nodes -out /var/imap/server.pem \
    -keyout /var/imap/server.pem -days 365

(2) Set its permissions appropriately:

  chown cyrus:mail /var/imap/server.pem
  
(3) Add two lines to your imapd.conf:

  echo "tls_cert_file: /var/imap/server.pem" >>/etc/imapd.conf
  echo "tls_key_file: /var/imap/server.pem"  >>/etc/imapd.conf

(4) If necessary, add lines for imaps (TCP port 993) and pop3s (TCP
port 995) to /etc/services.

(5) Restart cyrus.  If you do not see imaps and pop3s listeners on
ports 993 and 995, check cyrus.conf for lines such as

  imaps         cmd="/usr/cyrus/bin/imapd -s" listen="imaps" prefork=0
  pop3s         cmd="/usr/cyrus/bin/pop3d -s" listen="pop3s" prefork=0

in the SERVICES section.

(6) Test the result:

   imtest -t "" localhost:993

Of course, once you have done this, getting sendmail to do STARTTLS
and AUTH so that users protect mail they *send* in a similar way, is a
whole different problem... :-)  See Claus Assmann's info at
http://www.sendmail.org/~ca/email/starttls.html for more on that.

Jonathan
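
A read-only check of what steps (1), (3) and (5) above leave behind, as an added example that is not part of the original message or of cyrus-imapd. The function names, the finding labels and the constructed demo files are hypothetical; the location of cyrus.conf is passed as an argument because the message does not give it.

```shell
#!/bin/sh
# Added example: read-only audit of the files from steps (1), (3) and (5).

# conf_value FILE KEY: value of the last "KEY: value" line in imapd.conf
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*:[[:space:]]*//p" "$1" 2>/dev/null | tail -n 1
}

# audit_tls IMAPD_CONF CYRUS_CONF: one finding per line, no output when clean
audit_tls() {
    cert=$(conf_value "$1" tls_cert_file)
    key=$(conf_value "$1" tls_key_file)
    if [ ! -f "$cert" ]; then
        echo "missing:tls_cert_file"
    elif ! grep -q -e '-----BEGIN CERTIFICATE-----' "$cert"; then
        echo "no-certificate:$cert"
    fi
    if [ ! -f "$key" ]; then
        echo "missing:tls_key_file"
    else
        grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key" || echo "no-private-key:$key"
        # -nodes in step (1) leaves the key unencrypted, so the mode bits
        # are its only protection; flag any access for "other".
        [ "$(ls -ldL "$key" | cut -c8-10)" = "---" ] || echo "key-open-to-others:$key"
    fi
    # Step (5): both TLS listeners must be present and started with -s.
    for svc in imaps pop3s; do
        grep -Eq "^[[:space:]]*$svc[[:space:]]+cmd=\"[^\"]* -s\"[[:space:]]+listen=\"$svc\"" "$2" 2>/dev/null ||
            echo "no-tls-listener:$svc"
    done
}

# Demo on constructed files (marker lines only, not real key material).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' '-----BEGIN CERTIFICATE-----' >"$d/server.pem"
    chmod "${1:-644}" "$d/server.pem"
    printf 'tls_cert_file: %s\ntls_key_file: %s\n' "$d/server.pem" "$d/server.pem" >"$d/imapd.conf"
    printf '%s\n' 'SERVICES {' \
        '  imaps  cmd="/usr/cyrus/bin/imapd -s" listen="imaps" prefork=0' '}' >"$d/cyrus.conf"
    audit_tls "$d/imapd.conf" "$d/cyrus.conf" | sed "s|$d/||"
    rm -rf "$d"
}
demo 644   # constructed case: world-readable key file, pop3s line absent
```

On a real host, call audit_tls with /etc/imapd.conf and the path of your cyrus.conf. A key-open-to-others finding is cleared by chmod 600 on the key file, which stays owned by cyrus as in step (2).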
