On Wed, 11 Jun 2003, Mark London wrote: > I would like to restrict Cyrus to only allow users to use IMAPS, not plain > IMAP. However, I was told that would break Squirrelmail, unless I opened > access to IMAP (port 143) for the node that Squirrelmail was running on. > But I'm running XINETD on Redhat, and I've read Cyrus doesn't use that. > I would need another TCP wrapper program (and not sure if even if I installed > it, whether it's compatible with Xinetd). Is that true, or is there an easier > way to do it? Another thought I had was to simply have IMAP running on a > non-standard port number, and have configure Squirrelmail use that port > (is that possible?). Thanks. - Mark
Well you can always just disallow plaintext logins (allowplaintext: f). This won't stop really dumb clients from sending the password in the clear anyway, but its a step in the right direction. This will also allow STARTTLS clients to still operatate. Also, Squirrelmail does support TLS connections (but not IMAPs), from a brief read of their source (atleast in the 1.4 series). Worst case, a firewall running on your IMAP server to only allow connections on 143 from your squirrelmail host can be your friend. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper