> hey friends,
>
> I am trying to secure my mail server.I have enabled TLS support in
> postfix(version postfix-2.1.5), now I am trying to configure
> squirrelmail(version 1.4.4-1 rpm) for tls/ssl support.In config.php i
> have choosen use_imap_tls=true and use_smpt_tls=true.
>
> Moreover If I send any mail from squirrelmail there are no entries for
> ssl or tls in maillogs whereas If I send the mail through evolution I can
> see tls/ssl entries in maillogs.
...
what are you using to send email. /usr/sbin/sendmail or SMTP?
> But when I did the config.test for squirrelmail I got the below error
>
>
> Checking IMAP service....
> IMAP server ready (* OK dovecot ready.)
> Capabilities: * CAPABILITY IMAP4rev1 SORT THREAD=REFERENCES MULTIAPPEND
> UNSELECT IDLE CHILDREN LISTEXT LIST-SUBSCRIBED NAMESPACE AUTH=PLAIN
> *ERROR:* You have enabled TLS encryption in the config, but the server
> does not report STARTTLS capability. TLS is probably not supported.
Error in configtest.php. remove lines with
-----
if($use_imap_tls && stristr($capline, 'STARTTLS') === FALSE) {
do_err('You have enabled TLS encryption in the config, but the server
does not '.
'report STARTTLS capability. TLS is probably not supported.', FALSE);
}
-----
Server does not have to report STARTTLS support on IMAPS or SSMTP connection.
...
> How do I make squirrelmail to use tls/ssl for both imap & smtp.
if imap port is set to 993 and smtp port is set to 465 and secure TLS
options are enabled, SquirrelMail uses SSL in both connections. If you use
/usr/sbin/sendmail instead of SMTP, SquirrelMail feeds messages to local
sendmail program. You don't need SSL for local connections. Only root can
sniff local interface. If you are afraid that local connections are
insecure, get your compromised machine offline and reinstall it. If you
want to secure webmail interface traffic - secure web service traffic.
--
Tomas
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
--
squirrelmail-users mailing list
Posting Guidelines:
http://www.squirrelmail.org/wiki/MailingListPostingGuidelines
List Address: [email protected]
List Archives:
http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user
List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995
List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
