On Sun, 18 Mar 2007, Brian Kendig wrote:
Compiling with "make oxp" resulted in a binary which wouldn't let my mail client (Mac OS X Mail) authenticate, but compiling with "make oxp SSLTYPE=none" solved that problem, so now I'm good to go!
That option completely deletes SSL/TLS support and is not a good thing to do, since anyone with a sniffer on your network (client end, server end, or between) can steal your password.
Modern clients (such as Pine/Alpine) will not require this; instead, it will automatically use TLS. This has been a requirement of the IMAP specification since 2003.
Old clients may require an explicit setting of SSL; and truly ancient clients don't support SSL at all. It is only for truly ancient clients that you would ever build with SSLTYPE=none.
The version of Mac OS X Mail included in 10.4 has an option to enable SSL under the "Advanced" portion of the client tab. Otherwise, I forget how Mac OS X Mail works since I only tried it once, found it highly unsatisfactory, and never used it thereafter. However, I guess that since it didn't do TLS automatically it is an "old client" as opposed to a "modern client" or "truly ancient client".
Though, using that option resulted in my being warned that the binary was being built "in NON-COMPLIANCE with RFC 3501 security requirements" because "TLS/SSL encryption is NOT supported and unencrypted plaintext passwords are permitted". It tells me to build with "SSLTYPE=nopwd" to overcome this. Is "SSLTYPE=nopwd" a safe option to use? It sounds like it removes the need for a password, which wouldn't be good...? What does that option do, exactly - should I use it?
SSLTYPE=nopwd is the default build, and it prohibits plaintext password authentication unless either SSL or TLS encryption is in effect. All servers since March 2003 are supposed to work this way; and all clients are supposed to negotiate TLS automatically.
-- Mark -- http://panda.com/mrc Democracy is two wolves and a sheep deciding what to eat for lunch. Liberty is a well-armed sheep contesting the vote. _______________________________________________ Imap-uw mailing list [email protected] https://mailman1.u.washington.edu/mailman/listinfo/imap-uw
