On Wed, Nov 28, 2001 at 09:57:10AM +0000, Rodolfo J. Paiz wrote:
: Is anyone aware of any reason why IMAP should *not* be run on a 
: Net-connected webhosting server?
: 
: We're looking at enabling IMAP on our mailservers, but one of my partners 
: has heard horrible things about the insecurity of IMAP. Now, I can't think 
: of many things worse than the cleartext passwords used by POP3, but who 
: knows, right?

Naked IMAP is just as bad as naked POP3...  Secure them with SSL.  Sure,
this limits the mailers you can use, but the security is worth it.

To configure this:

cd /usr/share/ssl/certs
mv imapd.pem imapd.pem.orig
make imapd.pem

You don't want to use the default (and widely known!) key value, right? :)

Also, be aware that you're creating a self-signed X.509 cert that's 
going to be valid for 1 year.  Since it's self-signed, your mailers may
ask your users to confirm use of this cert.  Your alternatives?

1. Teach your users how to install the cert as "trusted".

2. Instead of doing make imapd.pem, do a make imapd.csr and get it signed
   by Thawte, Verisign, Equifax, RSA, etc.  That is - a trusted 3rd party
   CA.

-- 
Jason Costomiris <><           |  Technologist, geek, human.
jcostom {at} jasons {dot} org  |  http://www.jasons.org/ 
          Quidquid latine dictum sit, altum viditur.
                    My account, My opinions.



_______________________________________________
Redhat-list mailing list
https://listman.redhat.com/mailman/listinfo/redhat-list
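
A post-change check for the procedure in the message above, as an added example that is not part of the original post: it confirms the regenerated imapd.pem is no longer the shipped default, reports whether it is self-signed, and flags an approaching expiry. The function names and the make_sample helper (which builds constructed throwaway certificates) are assumptions of this example; the file paths in the usage comment are the ones from the post.

```shell
#!/bin/sh
# Added example: checks to run after replacing the stock imapd.pem.

# SHA-256 fingerprint of the first certificate in a PEM file.
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# True when subject and issuer names hash the same (a self-issued cert),
# which is what "make imapd.pem" produces and what makes mailers prompt.
is_self_issued() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# True when the certificate expires within $2 days.
expires_within() {
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# audit_cert NEW ORIG [DAYS]: print findings, return non-zero on a problem.
audit_cert() {
    new=$1 orig=$2 days=${3:-30} rc=0
    if [ "$(cert_fp "$new")" = "$(cert_fp "$orig")" ]; then
        echo "FAIL: $new is still the shipped default certificate"; rc=1
    fi
    if is_self_issued "$new"; then
        echo "NOTE: $new is self-signed; mailers prompt unless it is trusted"
    fi
    if expires_within "$new" "$days"; then
        echo "FAIL: $new expires within $days days"; rc=1
    fi
    openssl x509 -in "$new" -noout -enddate
    return "$rc"
}

# Constructed sample input: a throwaway self-signed cert valid for $2 days,
# written certificate first, then key, into the single PEM file $1.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -subj "/CN=mail.example.test" -keyout "$1.key" -out "$1" 2>/dev/null
    cat "$1.key" >> "$1" && rm -f "$1.key"
}

# Usage on the server from the post (run from /usr/share/ssl/certs):
#   audit_cert imapd.pem imapd.pem.orig 30
```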
