I'll go ahead and answer my own question, as I evidently haven't been paying as much attention to the mailing list as I should have lately and found my solution buried back a couple months. On 30 July 2003 Matt Bernstein started a thread entitled "requiring encryption but not from localhost?", where Scott Adkins proposed a solution. I implemented something more or less like he proposed, and it worked. Specifically, I created a second imapd.conf (imapd-local.conf) and configured it with allowplaintext: yes. Then, I edited my cyrus.conf to look like the following:
imaplocal cmd="imapd -U 30 -C /etc/imapd-local.conf" listen="localhost:ima plocal" prefork=0 maxchild=100 imap cmd="imapd -U 30" listen="imap" prefork=0 maxchild=100 imaps cmd="imapd -s -U 30" listen="imaps" prefork=0 maxchild=100
I couldn't get imaplocal to listen localhost on the imap port, so I defined an "imaplocal" port in /etc/services as port 144, and pointed webmail at that. All is well now...webmail from localhost gets plaintext, and everyone else gets IMAPS or IMAP/STARTTLS.
If I had to guess, the reason you couldn't get imaplocal to listen to localhost:imap is probably because the imap and imaps services were already listening on the imap/imaps ports, specifically *:imap and *:imaps. I don't know what order Cyrus internally starts to configure the ports for listening on, but that is likely the issue here (port binding).
The solution that should work is the following (trimmed for clarity):
imaplocal cmd="imapd -C /etc/imapd-local.conf" listen="localhost:imap" imap cmd="imapd" listen="hostname:imap" imaps cmd="imapd -s" listen="hostname:imaps"
Whatever the hostname of your machine is should replace "hostname" in the above configuration. If you want to be able to telnet to the imaps port on localhost for who knows what reason, then take "hostname" out of the "imaps" line and just leave it as "imaps".
Hope that helps... Scott -- +-----------------------------------------------------------------------+ Scott W. Adkins http://www.cns.ohiou.edu/~sadkins/ UNIX Systems Engineer mailto:[EMAIL PROTECTED] ICQ 7626282 Work (740)593-9478 Fax (740)593-1944 +-----------------------------------------------------------------------+ PGP Public Key available at http://www.cns.ohiou.edu/~sadkins/pgp/
pgp00000.pgp
Description: PGP signature