Brian Candler <[EMAIL PROTECTED]> writes: > courier-imap has TLS support natively (both TLS on port 993, and > STARTTLS on port 143), and has had for quite a long time.
OK: the port 993 IMAPS works fine, and I'll figure out how to invoke STARTTLS for port 143 within courier-imap. > My suggestion would be: first, install a fresh unpatched courier-imap and > run it out of the box, to show how it should work. Then, if you are sure you > want to run it under a service manager (looks like you are using daemontools > perhaps?) then examine the imapd.rc and imapd-ssl.rc scripts carefully and > duplicate what they do in your own environment. However, you're on your own > if you do so. Will do. I had courier-imap running fine under the daemontools and ucspi-tcp suite. It's also now running well on 933 with the TLS-patched tcpserver, so that's cool too. What I didn't understand is that 143 needed to start unencrypted, then do a STARTTLS negotiation, then use the TLS built into the courier-imap daemon itself. Thanks for your pointers. I'll eventually post some docs on how I'm doing courier-imap, TLS and other stuff using the daemontools and such; the combination seems very nice, especially if you're more used to qmail than courier.
