Hello, I recently thought it is about time to switch users to use SSL/TLS only when fetching mails. So I compiled with SSLTYPE=nopwd and... was overwhelmed with support calls about "my mail is not working". Having 30000+ users, I kind of expected that.
Not the way to go. I've seen one or two fakepop3 servers and no fakeimap server. And since they would take 110/143 and not allow proper STARTTLS, I decided to make a patch to UW imapd and pop3d, so it would allow clients to use plaintext and, instead of giving them their mail, give them only one mail with instructions on what to do to enable SSL/TLS in their client. Now this one worked very nicely.

http://akson.sgh.waw.pl/~chopin/unix/imap-2004a+gently_force_ssl.diff

It's rather quick and dirty, but it might be useful for some admins. Hey, maybe you will like it so much as to include it in UW imap itself. :)

It requires SSLTYPE=nopwd and I tested it only on Solaris with shadow passwords and real users. Most probably it could be tweaked for other needs.

A few words about setup: I abused the "imappublic" account, as it was already there (as required by installation), but this can be any account. Give it some password (and put it in the proper place as the patch shows), make its $HOME/mail read-only, create $HOME/.mailboxlist with an "INBOX" line, also read-only, create a mailbox (in the patch: /var/mail/imappublic) to contain your message and also chmod it 0444 (so it is not possible to delete this message, obviously). To prevent clients from refetching this message over and over again, a header like X-IMAPbase: 1094514934 1 should help. That's it. (Don't forget to point clients to some www page, where configuration of the most popular programs is explained, step by step, image by image.)

Security considerations: anyone can log in to pop3/imap using plaintext and any username/password to read this message. Not too risky, I'd say. (Provided the imappublic home, mail and .mailboxlist are read-only, so it is not possible to create a new mailbox and keep some messages there!)

p.

PS Polish readers might want to see the mail and web page I made: http://akson.sgh.waw.pl/pomoc/bezpieczenstwo-list.html

-- 
Beware of he who would deny you access to information, for in his heart he dreams himself your master.
-- Commissioner Pravin Lal
http://nerdquiz.sgh.waw.pl/ -- Polish version of the quiz for nerds ;)

-- 
------------------------------------------------------------------
For information about this mailing list, and its archives, see:
http://www.washington.edu/imap/c-client-list.html
------------------------------------------------------------------
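
The read-only layout that the message's security considerations depend on can be audited after setup. The following is an added example, not part of the original post or of the patch; the function names are hypothetical and the sample mailbox built by make_sample is constructed for illustration.

```shell
#!/bin/sh
# Audit the "notice" account layout from the post: $HOME/mail, $HOME/.mailboxlist
# and the mailbox file must exist and carry no write bits, .mailboxlist must
# list INBOX, and the first message must have an X-IMAPbase header.

# True if any write bit (user, group or other) is set on $1. Mode bits are
# inspected instead of `test -w`, which always succeeds when run as root.
has_write_bit() {
    [ -n "$(find "$1" -prune \( -perm -200 -o -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# check_notice_account HOME_DIR MAILBOX_FILE -> 0 if the layout is sound, else 1
check_notice_account() {
    home=$1 mbox=$2 rc=0
    for p in "$home/mail" "$home/.mailboxlist" "$mbox"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"; rc=1
        elif has_write_bit "$p"; then
            echo "WRITABLE $p"; rc=1
        fi
    done
    if [ -f "$home/.mailboxlist" ] && ! grep -qx 'INBOX' "$home/.mailboxlist"; then
        echo "BADLIST  $home/.mailboxlist has no INBOX line"; rc=1
    fi
    # Look only at the header block of the first message (up to the first blank line).
    if [ -f "$mbox" ] && ! sed '/^$/q' "$mbox" | grep -q '^X-IMAPbase: '; then
        echo "NOHEADER $mbox lacks X-IMAPbase in its first message"; rc=1
    fi
    return $rc
}

# Build a constructed sample layout under directory $1 for trying the check.
make_sample() {
    mkdir -p "$1/home/mail" "$1/spool"
    echo INBOX > "$1/home/.mailboxlist"
    printf '%s\n' 'From postmaster Tue Sep  7 00:00:00 2004' \
        'Subject: Please enable SSL/TLS (constructed sample)' \
        'X-IMAPbase: 1094514934 1' '' 'See the help page.' > "$1/spool/imappublic"
    chmod 0555 "$1/home/mail"
    chmod 0444 "$1/home/.mailboxlist" "$1/spool/imappublic"
}
```

On a real server it would be called as check_notice_account ~imappublic /var/mail/imappublic, using the paths the message gives.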
