Re: STARTTLS Question

Wed, 08 Oct 2003 06:26:39 -0700

--On Tuesday, October 07, 2003 6:25 PM -0400 Daniel Whelan <[EMAIL PROTECTED]> wrote:

I'll go ahead and answer my own question, as I evidently haven't been
paying as much attention to the mailing list as I should have lately and
found my solution buried back a couple months. On 30 July 2003 Matt
Bernstein started a thread entitled "requiring encryption but not from
localhost?", where Scott Adkins proposed a solution. I implemented
something more or less like he proposed, and it worked. Specifically, I
created a second imapd.conf (imapd-local.conf) and configured it with
allowplaintext: yes. Then, I edited my cyrus.conf to look like the
following:

imaplocal   cmd="imapd -U 30 -C /etc/imapd-local.conf"
listen="localhost:ima plocal" prefork=0 maxchild=100
imap        cmd="imapd -U 30" listen="imap" prefork=0 maxchild=100
imaps       cmd="imapd -s -U 30" listen="imaps" prefork=0 maxchild=100

I couldn't get imaplocal to listen localhost on the imap port, so I
defined an "imaplocal" port in /etc/services as port 144, and pointed
webmail at that. All is well now...webmail from localhost gets plaintext,
and everyone else gets IMAPS or IMAP/STARTTLS.


If I had to guess, the reason you couldn't get imaplocal to listen to
localhost:imap is probably because the imap and imaps services were
already listening on the imap/imaps ports, specifically *:imap and *:imaps.
I don't know what order Cyrus internally starts to configure the ports
for listening on, but that is likely the issue here (port binding).

The solution that should work is the following (trimmed for clarity):

 imaplocal cmd="imapd -C /etc/imapd-local.conf" listen="localhost:imap"
 imap      cmd="imapd"                          listen="hostname:imap"
 imaps     cmd="imapd -s"                       listen="hostname:imaps"

Whatever the hostname of your machine is should replace "hostname" in the
above configuration.  If you want to be able to telnet to the imaps port
on localhost for who knows what reason, then take "hostname" out of the
"imaps" line and just leave it as "imaps".

Hope that helps...
Scott
--
+-----------------------------------------------------------------------+
     Scott W. Adkins                http://www.cns.ohiou.edu/~sadkins/
  UNIX Systems Engineer                  mailto:[EMAIL PROTECTED]
       ICQ 7626282                 Work (740)593-9478 Fax (740)593-1944
+-----------------------------------------------------------------------+
    PGP Public Key available at http://www.cns.ohiou.edu/~sadkins/pgp/

Attachment: pgp00000.pgp
Description: PGP signature

Reply via email to