>>>>> hey friends,
>>>>>
>>>>> I am trying to secure my mail server. I have enabled TLS support
>>>>> in postfix (version postfix-2.1.5), now I am trying to configure
>>>>> squirrelmail (version 1.4.4-1 rpm) for tls/ssl support. In
>>>>> config.php I have chosen use_imap_tls=true and use_smpt_tls=true.
>>
>> use_smpt_tls=true or use_smtp_tls=true?
>
> sorry It is use_smtp_tls=true
>
>>>> what are you using to send email. /usr/sbin/sendmail or SMTP?
>>>
>>> /usr/sbin/sendmail.postfix (I am using postfix)
>
>> $useSendmail configuration variable controls use of sendmail and smtp
>> delivery functions.
>>
>> If $useSendmail = true, SquirrelMail does not use SMTP functions and it
>> is not logged in smtp logs. /usr/sbin/sendmail.postfix doesn't use
>> ssmtp.
>
> it is $useSendmail=true
>
>> If you want to make sure that SquirrelMail uses secure connection, stop
>> plain text smtp (netstat -an | grep 25) and imap (netstat -an | grep
>> 143)
>> services and try using SquirrelMail.
>>
>> dovecot is listening only on 993 (imaps) and 995 (pop3s) and postfix is
>> working on 465 (smtps)
>
> for making postfix to listen on 465 I added the port number in
> /etc/services.
>
> Well no entries for tls/ssl show up in maillog when I am sending the
> mail through squirrelmail because squirrelmail does not use smtp
> functions.
>
> Now the services are running on secured ports (993, 995, 465) I hope now
> sending and receiving the mail through squirrelmail will be secure?

There is no such thing as a 100% secure system.

In your case data that is transferred between browser and webserver, between webserver and imap server and between webserver and smtp server/sendmail program is encrypted or is not transferred over an insecure network. Encryption security depends on the connection encryption methods used. Some SSL encryption methods are weak and crackable with standard computer systems. Cracking of some encryption methods might require high end computer systems.

If you want to secure email information that is transferred to other public smtp servers, you need PGP encryption. Postfix might use starttls in remote connections, but STARTTLS support is not required in the SMTP protocol and postfix will fall back to plaintext transfer if the remote server does not support STARTTLS.

If you need pointers to other parts of webmail security, check the topics of unfinished chapters in the SquirrelMail Administrator's Manual.
http://www.squirrelmail.org/docs/admin/admin-8.html

--
Tomas

--
squirrelmail-users mailing list
Posting Guidelines: http://www.squirrelmail.org/wiki/MailingListPostingGuidelines
List Address: [email protected]
List Archives: http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user
List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995
List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
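
The listening-port check suggested in the thread, as an added example that is not part of the original messages: `grep 25` also matches port 2525 or a foreign address ending in .25, so this Python sketch matches exact local ports on sockets in LISTEN state. The netstat output is a constructed sample in Linux net-tools layout, and the function names are hypothetical.

```python
# Ports named in the thread: plaintext services to stop, TLS-wrapped ones to keep.
PLAINTEXT = {25: "smtp", 110: "pop3", 143: "imap"}
TLS_WRAPPED = {465: "smtps", 993: "imaps", 995: "pop3s"}
LOOPBACK = ("127.", "::1")

# Constructed sample of `netstat -an` output (not taken from the poster's server).
SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:465             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:2525            0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:993          198.51.100.25:51432     ESTABLISHED
"""

def listeners(netstat_text):
    """Yield (address, port) for every TCP socket in LISTEN state."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp") or f[5] != "LISTEN":
            continue
        # rpartition keeps IPv6 local addresses such as ":::993" intact.
        addr, _, port = f[3].rpartition(":")
        if port.isdigit():
            yield addr, int(port)

def audit(netstat_text):
    """Classify mail listeners by exact port number, not substring match."""
    report = {"plaintext_exposed": [], "plaintext_loopback": [], "tls": []}
    for addr, port in listeners(netstat_text):
        if port in TLS_WRAPPED:
            report["tls"].append((addr, port))
        elif port in PLAINTEXT:
            # Plaintext bound to loopback never crosses the network.
            local = addr.startswith(LOOPBACK)
            key = "plaintext_loopback" if local else "plaintext_exposed"
            report[key].append((addr, port))
    return report

if __name__ == "__main__":
    for kind, socks in audit(SAMPLE).items():
        print(kind, socks)
```

Only the `plaintext_exposed` entries need attention; port 2525 and the established connection to an address ending in .25 are ignored, although a plain `grep 25` would have listed both.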
