Martin Waschbuesch wrote:
Hi,
Another question. I do not know if it matters, as I will disable non-ssl
imap anyway, but I noticed that I cannot use CRAM-MD5 with courier for
some reason (although I added it to the capabilities string in
/etc/courier/imapd).
Does vchkpw not support it?
The other way I would have used (use authmysql instead of authvchkpw for
courier) does not work because the database is set up with one user
table per domain)
Any suggestions?
Thanks,
Martin
PS: I will collect all this stuff and create a 'how to harden your
toaster' page on the wiki later. ;-)
Thanks Martin.
I don't know about vchkpw supporting cram-md5 w/out digging into it.
cram-md5 is not needed with TLS/SSL though. cram-md5 isn't all that
secure as it turns out. While it does keep passwords from passing in the
clear, decrypting cram-md5 isn't very difficult.
Courier is being replaced by Dovecot in a future QMT release (v2 we're
hoping). Dovecot's IMAP does have a configuration setting to enforce
TLS. I presume Dovecot's pop3 does the same. I don't know yet what the
stock QMT settings for dovecot will be. Please do your write-up though
for Dovecot instead of Courier.
There have been some recent posts on this list about how to install
dovecot in place of courier, for those who have a pressing need for it
(or just want to try it out). I hope to have an rpm available for
dovecot in the QTP repo in the near future.
--
-Eric 'shubes'
---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
Please visit qmailtoaster.com for the latest news, updates, and packages.
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]