On Mon, 9 Dec 2002, Kevin M. Myer wrote: > conversation (via , I don't give anything up security-wise. In other words, I > can rely on the transport layer to provide encryption, instead of a higher layer > and that way email can't be sniffed either.
You do of course realize that email is transmitted plaintext to your MX server anyway from the rest of the world, right? > So I upgraded to the latest versions of Cyrus SASL (2.1.10) and Cyrus > IMAP (2.1.11) today on my test server. I got saslauthd working fine > with LDAP for one Cyrus IMAP "virtual domain" (the altconfig type > meaning I specify a full set of services per domain, bound to a unique > IP address and I have a unique imapd.conf for each domain, I'm not > talking about the newer virtual domain support). What I still need to > figure out is how to specify which saslauthd mux socket for each > domain's imap process to connect to. I know how to start multiple > saslauthd's and specify which socket for them to create but I need to > know how to specify in /etc/imapd.conf which of those sockets to connect > to. I can't seem to find that documented anywhere (probably because its > only in this special case scenario that you'd even need to use it :) >From SASL's doc/options.html: saslauthd_path is the SASL option you want, so sasl_saslauthd_path is the imapd.conf option. Leave off the "/mux" You're right, this is really the only case I've ever heard of this support actually being useful ;) > Also, is it reasonable to think that most major IMAP clients could > handle talking to a server that only listens on imaps (basically my > forcing of TLS idea above)? I know my webmail client, IMP, can handle > that but can most other standalone clients handle imaps well and will > they barf over self-signed certificates? Pine, Mulberry, Outlook, Mozilla, Netscape, etc should all have no trouble with TLS. There may be a certificate warning about your self-signed certificate. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper