Re: how to force tls with cyrus+ldap

2001-10-05 Thread Lawrence Greenfield

If you also want to force a certain encryption strength, you can use
the imapd.conf option "sasl_minimum_layer", like:

sasl_minimum_layer: 56

to force "56 bit" encryption.  (The number is an approximation of the
strength of the symmetric cipher used.)

Larry

   Date: Fri, 05 Oct 2001 09:05:07 -0400
   From: Ken Murchison <[EMAIL PROTECTED]>

   "P. Vranckx" wrote:
   > 
   > Hi,
   > 
   > This is probably a silly question : I compiled cyrus sasl with
   > the patch for ldap (checkpw-ipplus). I modified the patch
   > to force ssl in the ldap queries : it runs fine.
   > My question is : how can I force a mail client to use starttls. One
   > solution is to close imap port and only use imaps port. But when using the
   > "normal" port, how can I force imapd to refuse non encrypted communication
   > (ie without starttls) ?

   Assuming that your client correctly supports the STARTTLS command
   (Mulberry is the only one that I know of), set 'allowplaintext: no' in
   imapd.conf.  This will disable the IMAP LOGIN command until after a
   STARTTLS has been successfully completed (the plaintext SASL mechs are
   always disabled unless protected by layer).

   You can test this by running:

   imtest -t "" localhost  (optionally add '-m login' or '-m plain', etc)

   In the first CAPABILITY response (before STARTTLS), you should see
   LOGINDISABLED.  In the second response (after STARTTLS), the
   LOGINDISABLED should be gone and possibly AUTH=PLAIN will appear.





Mulberry + SSL

2001-10-05 Thread Christoph Krempe


Hi,

I've just installed the SSL-Plugin for Mulberry 2.1. On the server cyrusd 
is running, imapd + imapds preforked. How can I force Mulberry to use only 
ssl-connections with my imap-server? Where can I see that Mulberry uses 
SSL-connections?

Thanks,

  Regards
   Ch. Krempe
  

   Freie Universitaet Berlin Christoph Krempe
Universitaetsbibliothek
  - Rechenzentrum -  Systemverwaltung
   Garystrasse 39
   14195 Berlin
   Germany   Tel: +0049/30/838 54583
 Fax: +0049/30/838 54582
 e-mail: [EMAIL PROTECTED]
 URL:http://www.ub.fu-berlin.de/~ck
  




Re: sieve parse error, expecting `$'

2001-10-05 Thread Frank Richter

So, in my point of view, there are 2 reasons for my "sporadic Sieve parse
errors":

- I had some Sieve scripts containing syntax errors.
  So it's recommended to check the syntax of all sieve scripts while
  upgrading from 1.6.X - this should be noted in doc/install-upgrade.html

- These parse errors confuse (sometimes ?) following sieve filter
  processing in (reused) lmtpd... This is a bug.

Since I fixed the wrong Sieve scripts I haven't seen any sieve parse errors.

I think it would be a good idea to install the useful sieve/test program
as sievetest program in /usr/cyrus/bin by default.

Thanks for your help,
Frank

-- 
Email: [EMAIL PROTECTED]  http://www.tu-chemnitz.de/~fri/
Work:  Computing Services,  Chemnitz University of Technology,  Germany




Re: how to force tls with cyrus+ldap

2001-10-05 Thread Ken Murchison



"P. Vranckx" wrote:
> 
> Hi,
> 
> This is probably a silly question : I compiled cyrus sasl with
> the patch for ldap (checkpw-ipplus). I modified the patch
> to force ssl in the ldap queries : it runs fine.
> My question is : how can I force a mail client to use starttls. One
> solution is to close imap port and only use imaps port. But when using the
> "normal" port, how can I force imapd to refuse non encrypted communication
> (ie without starttls) ?

Assuming that your client correctly supports the STARTTLS command
(Mulberry is the only one that I know of), set 'allowplaintext: no' in
imapd.conf.  This will disable the IMAP LOGIN command until after a
STARTTLS has been successfully completed (the plaintext SASL mechs are
always disabled unless protected by layer).

You can test this by running:

imtest -t "" localhost  (optionally add '-m login' or '-m plain', etc)

In the first CAPABILITY response (before STARTTLS), you should see
LOGINDISABLED.  In the second response (after STARTTLS), the
LOGINDISABLED should be gone and possibly AUTH=PLAIN will appear.

Ken
-- 
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
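
The CAPABILITY comparison described in the message above can be automated. This is an added example, not code from the posters or the Cyrus project: the function names and sample responses are hypothetical and constructed, and `live_capabilities` assumes a server reachable on port 143 with a certificate the client trusts.

```python
import imaplib
import ssl

PLAINTEXT_MECHS = {"AUTH=PLAIN", "AUTH=LOGIN"}

def parse_capabilities(line):
    """Return the capability tokens from an untagged CAPABILITY line or a
    greeting carrying a [CAPABILITY ...] response code."""
    text = line.strip()
    upper = text.upper()
    if "[CAPABILITY" in upper:
        start = upper.index("[CAPABILITY") + len("[CAPABILITY")
        text = text[start:text.index("]", start)]
    elif upper.startswith("* CAPABILITY"):
        text = text[len("* CAPABILITY"):]
    else:
        return set()
    return {tok.upper() for tok in text.split()}

def evaluate(before, after):
    """Compare capability sets seen before and after STARTTLS."""
    findings = []
    if "STARTTLS" not in before:
        findings.append("STARTTLS not offered on the cleartext port")
    if "LOGINDISABLED" not in before:
        findings.append("LOGIN permitted before STARTTLS")
    for mech in sorted(PLAINTEXT_MECHS & before):
        findings.append(mech + " advertised before STARTTLS")
    if "LOGINDISABLED" in after:
        findings.append("LOGINDISABLED still present after STARTTLS")
    return findings

def live_capabilities(host, port=143):
    """Collect both capability sets from a real server (needs network)."""
    conn = imaplib.IMAP4(host, port)
    try:
        before = set(conn.capabilities)
        conn.starttls(ssl_context=ssl.create_default_context())
        after = set(conn.capabilities)
    finally:
        conn.logout()
    return before, after

# Constructed sample responses, not captured from a real server.
GOOD_BEFORE = "* OK [CAPABILITY IMAP4 IMAP4rev1 STARTTLS LOGINDISABLED] server ready"
GOOD_AFTER = "* CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN"
WEAK_BEFORE = "* CAPABILITY IMAP4 IMAP4rev1 STARTTLS AUTH=PLAIN"

if __name__ == "__main__":
    print(evaluate(parse_capabilities(GOOD_BEFORE), parse_capabilities(GOOD_AFTER)))
    print(evaluate(parse_capabilities(WEAK_BEFORE), parse_capabilities(GOOD_AFTER)))
```

An empty list from `evaluate` means the server matches the expected behaviour: LOGINDISABLED before STARTTLS and gone afterwards.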



how to force tls with cyrus+ldap

2001-10-05 Thread P. Vranckx


Hi,

This is probably a silly question : I compiled cyrus sasl with
the patch for ldap (checkpw-ipplus). I modified the patch
to force ssl in the ldap queries : it runs fine.
My question is : how can I force a mail client to use starttls. One
solution is to close imap port and only use imaps port. But when using the
"normal" port, how can I force imapd to refuse non encrypted communication
(ie without starttls) ?

Thanks for your help.

Patrick   

-- 

<< In ten months, the holidays... >>

+---+-+
| VRANCKX  Patrick  | |
| Service d'Informatique Administrative |  Cable : [EMAIL PROTECTED]  |
| Universite Catholique de Louvain  |  Telephone : 32-10-47.38.70 |
| Place de l'Universite, 1  |  Telecopie : 32-10-47.35.71 |
| B-1348 Louvain-La-Neuve Belgique  | |
+---+-+