Martin Waschbuesch wrote:
Hi,

Another question. I do not know if it matters, as I will disable non-ssl imap anyway, but I noticed that I cannot use CRAM-MD5 with courier for some reason (although I added it to the capabilities string in /etc/courier/imapd).

Does vchkpw not support it?

The other way I would have used (use authmysql instead of authvchkpw for courier) does not work because the database is set up with one user table per domain)

Any suggestions?

Thanks,

Martin

PS: I will collect all this stuff and create a 'how to harden your toaster' page on the wiki later. ;-)


Thanks Martin.

I don't know about vchkpw supporting cram-md5 w/out digging into it.
cram-md5 is not needed with TLS/SSL though. cram-md5 isn't all that secure as it turns out. While it does keep passwords from passing in the clear, decrypting cram-md5 isn't very difficult.

Courier is being replaced by Dovecot in a future QMT release (v2 we're hoping). Dovecot's IMAP does have a configuration setting to enforce TLS. I presume Dovecot's pop3 does the same. I don't know yet what the stock QMT settings for dovecot will be. Please do your write-up though for Dovecot instead of Courier.

There have been some recent posts on this list about how to install dovecot in place of courier, for those who have a pressing need for it (or just want to try it out). I hope to have an rpm available for dovecot in the QTP repo in the near future.

--
-Eric 'shubes'


---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
   Vickers Consulting Group offers Qmailtoaster support and installations.
     If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
    Please visit qmailtoaster.com for the latest news, updates, and packages.
To unsubscribe, e-mail: [email protected]
    For additional commands, e-mail: [email protected]


Reply via email to