On Mon, May 29, 2006 at 12:59:37PM +0400, Lev A. Serebryakov wrote: > > It seems to be FAQ, but I can not find answer with google. > > I want to disable plain login (non-SASL one) to my IMAP and POP3 > servers when TLS is not used. > > Most of clients can use TLS (with dedicated port or STARTTLS), but > some of them cannot (mobile phones, for example). But shuch not-SSL-able > clients knows about CRAM-MD5. > > Is it possible? Maybe, here are some patches for imapd/pop3d?
I don't think there's exactly what you want. In the 'imapd' configuration file you'll find the following setting: ##NAME: IMAP_CAPABILITY_TLS:0 # # The following setting will advertise SASL PLAIN authentication after # STARTTLS is established. If you want to allow SASL PLAIN authentication # with or without TLS then just comment this out, and add AUTH=PLAIN to # IMAP_CAPABILITY IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY AUTH=PLAIN" There's a corresponding one in 'pop3d'. That allows you to disable AUTH=PLAIN and/or AUTH=LOGIN SASL mechanisms for non-TLS connections. But I don't think that also disables USER/PASS (pop3) or LOGIN (imap). You *can* disable USER/PASS and LOGIN for non-TLS connections by setting POP3_TLS_REQUIRED / IMAP_TLS_REQUIRED. However that will also block CRAM-MD5 authentication for non-TLS clients. If you want to patch the source, looking for these variables should help you. Regards, Brian. _______________________________________________ Courier-imap mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
