Looks like I forgot to reply to the list on that last message.... Thanks for the reminder about the -C flag for timsieved. Using that I can at least limit the "allowplaintext: yes" to timsieved.
So we can stumble along with this solution (and the stunnels) until we are able to come up with a STARTTLS patch for the PHP/Pear Net_Sieve class.

Thanks for the feedback! Much obliged.

Ben

* Rob Siemborski <[EMAIL PROTECTED]> [030617 12:01]:
> On Tue, 17 Jun 2003, Ben Poliakoff wrote:
>
> > When it comes to sieve, I'd really like to be able to do the same sort
> > of thing. Right now to support a cgi/web based sieve client (like
> > websieve, easysieve, squirrelmail's sieve plugin, or Horde's Ingo -
> > none of which support STARTTLS) I need to set "allowplaintext: yes" in
> > imapd.conf. And then if I want to protect the traffic between my
> > cyrus-imap/timsieved server and my webmail server I need to run two
> > instances of stunnel:
>
> This seems to me like you're solving the problem in the wrong way. You
> should fix the clients, not force the server to support something that the
> IETF clearly thinks is a bad idea.
>
> > It's awful, but it works and I'll do it because I don't want that
> > traffic running across our network in cleartext. But of course now I
> > have clients that might start accidentally doing cleartext imap
> > connections, since that's now allowed (where it wasn't before).
>
> In 2.2 cyrus you can have per-service configuration options. In 2.1 I
> suppose you can use the -C option to imapd or sieve to cause it to read
> different imapd.confs.
>
> If you wanted to play worse games, you could have the sieve clients
> connect to a UNIX socket provided by sivtest, but I suspect this is more
> complicated than you want, especially when the solution is "make the
> clients do STARTTLS".
>
> > Obviously it would be really nice if we had a crop of web based sieve
> > clients that supported STARTTLS (and I'm investigating what it might
> > take to patch the PHP/Pear Net_Sieve class, used by Horde's Ingo, to
> > support STARTTLS).
>
> This is definitely what you want to patch, not the server. The server is
> already providing the needed functionality.
>
> -Rob
>
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
> Research Systems Programmer * /usr/contributed Gatekeeper

-- 
---------------------------------------------------------------------------
Ben Poliakoff                                 email: <[EMAIL PROTECTED]>
Reed College                                    tel: (503)-788-6674
Unix System Administrator                   PGP key: http://www.reed.edu/~benp/key.html
---------------------------------------------------------------------------
0x6AF52019 fingerprint = A131 F813 7A0F C5B7 E74D C972 9118 A94D 6AF5 2019
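
Added example (not part of the original thread and not Cyrus project code): a small Python audit of the per-service setup discussed above. It resolves each service's `-C` config file from cyrus.conf and reports any service other than sieve that has `allowplaintext` enabled. The alternate config path and all sample file contents are constructed for illustration.

```python
import shlex

# Constructed sample: SERVICES section of cyrus.conf (the -C path is hypothetical).
CYRUS_CONF = '''
SERVICES {
  imap   cmd="imapd" listen="imap" prefork=0
  sieve  cmd="timsieved -C /etc/imapd-sieve.conf" listen="sieve" prefork=0
}
'''
# Constructed sample config files, keyed by path.
FILES = {
    "/etc/imapd.conf": "configdirectory: /var/imap\nallowplaintext: no\n",
    "/etc/imapd-sieve.conf": "configdirectory: /var/imap\nallowplaintext: yes\n",
}
DEFAULT_CONF = "/etc/imapd.conf"   # used when a service has no -C argument
TRUE = {"yes", "y", "1", "true", "t", "on"}

def parse_services(text):
    """Return {service name: config path} for every line carrying cmd="..."."""
    out = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if 'cmd="' not in line:
            continue
        name = line.split()[0]
        argv = shlex.split(line.split('cmd="', 1)[1].split('"', 1)[0])
        conf = DEFAULT_CONF
        if "-C" in argv and argv.index("-C") + 1 < len(argv):
            conf = argv[argv.index("-C") + 1]
        out[name] = conf
    return out

def allowplaintext(conf_text):
    """True/False if the option is set; None if absent (version default applies)."""
    value = None
    for line in conf_text.splitlines():
        key, sep, val = line.partition(":")
        if sep and key.strip().lower() == "allowplaintext":
            value = val.strip().lower() in TRUE
    return value

def audit(cyrus_conf, files, expected=("sieve",)):
    """Return per-service findings and the services that unexpectedly allow plaintext."""
    findings = {name: (conf, allowplaintext(files[conf]))
                for name, conf in parse_services(cyrus_conf).items()}
    unexpected = [n for n, (_, on) in findings.items() if on and n not in expected]
    return findings, unexpected

if __name__ == "__main__":
    print(audit(CYRUS_CONF, FILES))
```

An empty `unexpected` list means plaintext logins are confined to the sieve service, which is the state the `-C` workaround is meant to achieve.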