I'm not sure what you mean by [3]. Since you require SSL (in [1]), do you intend that users coming in via WAN must also use something like Kerberos or CRAM-MD5?
It is possible to configure imapd to allow plaintext passwords without SSL/TLS from certain clients; it's the "set plaintext-allowed-clients" command in the evil config file. However, it is an EXTREMELY foolish idea to allow non-SSL/TLS protected sessions for anything other than localhost; doing so is practically begging to be hacked. It is trivial to hijack unprotected TCP connections. Every bad guy in the world hopes that you cling to the false hope that your firewall allows you to engage in unsafe networking practices.

[5] and [6] are small matters of programming. Both password validation and login are in distinct modules to make this easy to do. You may also be able to do this via PAM rules.

-- Mark --

http://panda.com/mrc
Democracy is two wolves and a sheep deciding what to eat for lunch.
Liberty is a well-armed sheep contesting the vote.

> Date: Mon, 27 Oct 2008 15:13:33 +0100
> From: [EMAIL PROTECTED]
> To: [email protected]
> Subject: [Imap-uw] IMAP secure setup
>
> Hi,
>
> I want to setup some secure IMAP solution:
>
> 1. access IMAP via SSL from WAN (internet)
> 2. access IMAP anyway from LAN
> 3. do not allow IMAP access via plaintext password from WAN
> 4. use another password for WAN access (for IMAP only)
> 5. limit access to specific users (for WAN IMAP only)
> 6. block IP addresses after multiple failed logins
>
> my guess so far:
> ad 1: just open IMAP/SSL port in firewall
> ad 2: no firewall in LAN, no problem
> ad 3: where to configure (I hope this is not compile-time...)
> ad 4: is there any solution but have another user?
> ad 5: I have no idea how to do this.
> ad 6: maybe some software like "denyhosts" has to be used
>
> Is there anything, imap-uw can do for me to make this easier?
> Is there any solution to (5) or a better solution to the others?
>
> Best regards
> Stefan
> _______________________________________________
> Imap-uw mailing list
> [email protected]
> http://mailman2.u.washington.edu/mailman/listinfo/imap-uw
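
For item 6 of the question (blocking addresses after multiple failed logins), here is a denyhosts-style counter over mail log lines, added as an example; it is not part of either message and is not imap-uw code. The log line shape, the exempt LAN ranges, the threshold and the time window are all assumptions, and the sample log is constructed.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log line shape; adjust the pattern to what your imapd really logs.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ imapd\[\d+\]: "
    r"Login failed user=\S+ .*\[(?P<ip>[0-9A-Fa-f:.]+)\]$"
)
# Assumed trusted ranges (item 2 of the question: LAN clients are never blocked).
EXEMPT = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.168.0.0/16")]

# Constructed sample log, not taken from a real server.
SAMPLE_LOG = """\
Oct 27 15:00:01 mail imapd[311]: Login failed user=stefan auth=stefan host=a.example [203.0.113.7]
Oct 27 15:00:20 mail imapd[312]: Login failed user=root auth=root host=a.example [203.0.113.7]
Oct 27 15:00:41 mail imapd[313]: Login user=stefan host=pc.lan [192.168.1.20]
Oct 27 15:01:05 mail imapd[314]: Login failed user=admin auth=admin host=a.example [203.0.113.7]
Oct 27 15:01:30 mail imapd[315]: Login failed user=stefan auth=stefan host=pc.lan [192.168.1.20]
Oct 27 15:01:31 mail imapd[316]: Login failed user=stefan auth=stefan host=pc.lan [192.168.1.20]
Oct 27 15:01:32 mail imapd[317]: Login failed user=stefan auth=stefan host=pc.lan [192.168.1.20]
Oct 27 15:02:00 mail imapd[318]: Login failed user=bob auth=bob host=b.example [198.51.100.9]
Oct 27 15:12:00 mail imapd[319]: Login failed user=bob auth=bob host=b.example [198.51.100.9]
Oct 27 15:22:00 mail imapd[320]: Login failed user=bob auth=bob host=b.example [198.51.100.9]
"""

def offenders(lines, threshold=3, window=timedelta(minutes=5), year=2008):
    """Return {ip: time the threshold was reached} for non-exempt clients."""
    recent, flagged = defaultdict(deque), {}   # recent: ip -> failures in window
    for line in lines:
        m = FAIL_RE.match(line.strip())
        if not m:
            continue               # successful logins and unrelated lines
        ip = ipaddress.ip_address(m["ip"])
        if any(ip in net for net in EXEMPT):
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[str(ip)]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged.setdefault(str(ip), ts)
    return flagged

if __name__ == "__main__":
    for ip, when in offenders(SAMPLE_LOG.splitlines()).items():
        print(f"{when:%b %d %H:%M:%S} block candidate: {ip}")
```

The returned addresses are candidates for a firewall or TCP-wrapper deny rule; syslog timestamps carry no year, so the `year` argument has to be supplied by the caller.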
