Just have a look at then config file in /etc/stunnel/stunnel.conf It has a [ ] section for imaps, uncomment and start the service, /etc/init.d/stunnel start You should see a listening port on 993, netstat –an |grep 993 And then you should be able to configure your mail client to use SSL’ed imap. For maximum security you should only allow imap connections from localhost. Next is to use smtps (secure smtp) to send mail... Bjorn Robertsson -----Original Message----- From: David Soltero-Lugo [mailto:david@cnnet.upr.edu] Sent: 17. maí 2003 14:20 To: Björn Róbertsson Cc: R.Vickers@cs.rhul.ac.uk; bobv@cs.rhul.ac.uk; vbru@entu.cas.cz; suse-security@suse.com Subject: Re: [suse-security] IMAP and 8.2 I tried the inet option (on xinetd) and did not work, can you provide mor information on the stunnel option?? Thanks David Björn Róbertsson wrote: I also discovered that my ssl'd imapd service had stopped working. I'd created stunnel connection and I found in /etc/stunnel a config file which allowed for a very simple configuration... This however requires the service stunnel started and you need to remove the corresponding imap/pop lines from /etc/inetd.conf Hope to help :) Bjorn Robertsson p.s. I use cyrus so the cyrus config does not need to know imaps if you use stunnel. Vaclav, Yesterday we too upgraded our mail server and discovered this change that SuSE quietly introduced. It sounds like you have done the hard part; to configure inetd.conf to support SSL-enabled IMAP and POP you just need lines imaps stream tcp nowait root /usr/sbin/tcpd imapd pop3s stream tcp nowait root /usr/sbin/tcpd ipop3d I've found it very hard to find good documentation on how to set up an IMAP service that does not use plaintext passwords. Bob On Wed, 14 May 2003, Vaclav Brunnhofer wrote: Being prevented here in this group that the support for 7.2 would finish in the near future (see another thread), I have purchased and upgraded to 8.2. So far, almost everything is working as expected, expect for IMAP (the same case would be POP3, if I would not use qpopper). In the mean time, I have found information that the IMAP rpm, shipped with 8.2 (IMAP 2002) is a major release, enabling to disable fulltext passwords for identification. Apparently the rpm shipped with 8.2 is compiled with this in mind. So far it is good, but I cannot find any information, how to make it work. I have found that it is necessary to use starttls - a ssl based authentification. Just I cannot find (may be I am using incorrect queries in google) how to setup the IMAP server - I have found how to configure the clients, how to compile IMAP for disabling authetification by plaintext passwords, but I am missing information, how to configure inetd (or even xinetd) to work with this imap daemon. The same applies for ipop3, just I have installec qpopper and this works fine. SuSE installation support claims it is beyond the scope of installation support. Does anyone know how to make the imap over startls or ssl work? Thanks a lot S pozdravem Vaclav Brunnhofer ======================================================== ======= | Entomologicky ustav e-mail: vbru@entu.cas.cz | | Akademie Ved Ceske Republiky tel.: 038 7775251 | | Branisovska 31 fax: 038 5310354 | | 370 05 Ceske Budejovice mobil: +420 606 632822 | ======================================================== ====== -- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here ============================================================== Bob Vickers R.Vickers@cs.rhul.ac.uk Dept of Computer Science, Royal Holloway, University of London WWW: http://www.cs.rhul.ac.uk/home/bobv Phone: +44 1784 443691 -- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here