8.2, UW IMAP-2002 and Squirrelmail - SSL...
This posting concerns how to connect Squirrelmail (imap only) to UW IMAP-2002 (imaps only). Please see the questions further down.

I have a fully functioning installation of 8.2 Pro, Postfix, UW IMAP-2002, Apache, OpenSSL and modSSL with self-signed working certificates. All software as included on the CDs and Online Update. I have also followed the instructions given in the mailing lists and on the SuSE support database regarding SSL, certificate and UW IMAP-2002. I can access UW IMAP-2002 with a Netscape 7 mail client using SSL, so everything is set up correctly.

Finally, I need webmail and guess that Squirrelmail would be a good solution. However, since UW IMAP-2002 by default is built with imaps only and Squirrelmail only supports imap, I am stuck. Various people have suggested using

* UW IMAP-2001 from SuSE 8.1 (I would rather not use an older software)
* Building your own IMAP-2002 with imap support (Somebody had had problems building UW IMAP-2002 himself. I have sent a request to SuSE support about them building a second version (including supporting it via Online Update) and am waiting for the reply.)
* stunnel (but does it support communication in the desired direction? Isn't it intended to work in the opposite way?)
* SSH session

---> Questions:
---> Suggestions/arguments about how to solve or work around this problem?
---> Do you know if stunnel would do the trick and how I would have to configure it?

Regards
/Niclas Arndt

================

From: Björn Róbertsson <bjornr@iceland2000.com>
To: "'David Soltero-Lugo'" <david@cnnet.upr.edu>
CC: <R.Vickers@cs.rhul.ac.uk>, <bobv@cs.rhul.ac.uk>, <vbru@entu.cas.cz>, <suse-security@suse.com>
Subject: RE: [suse-security] IMAP and 8.2
Date: Sat, 17 May 2003 16:19:07 -0000
Just have a look at the config file in /etc/stunnel/stunnel.conf
It has a [ ] section for imaps, uncomment and start the service, /etc/init.d/stunnel start
You should see a listening port on 993, netstat -an | grep 993
And then you should be able to configure your mail client to use SSLed imap.
For maximum security you should only allow imap connections from localhost.
Next is to use smtps (secure smtp) to send mail...
Bjorn Robertsson
-----Original Message-----
From: David Soltero-Lugo [mailto:david@cnnet.upr.edu]
Sent: 17. maí 2003 14:20
To: Björn Róbertsson
Cc: R.Vickers@cs.rhul.ac.uk; bobv@cs.rhul.ac.uk; vbru@entu.cas.cz; suse-security@suse.com
Subject: Re: [suse-security] IMAP and 8.2

I tried the inet option (on xinetd) and it did not work, can you provide more information on the stunnel option?
Thanks David
Björn Róbertsson wrote:
I also discovered that my ssl'd imapd service had stopped working. I'd created stunnel connection and I found in /etc/stunnel a config file which allowed for a very simple configuration...
This however requires the service stunnel started and you need to remove the corresponding imap/pop lines from /etc/inetd.conf
Hope to help :)
Bjorn Robertsson
p.s. I use cyrus so the cyrus config does not need to know imaps if you use stunnel.
Vaclav,
Yesterday we too upgraded our mail server and discovered this change that SuSE quietly introduced. It sounds like you have done the hard part; to configure inetd.conf to support SSL-enabled IMAP and POP you just need lines

    imaps   stream  tcp     nowait  root    /usr/sbin/tcpd  imapd
    pop3s   stream  tcp     nowait  root    /usr/sbin/tcpd  ipop3d
I've found it very hard to find good documentation on how to set up an IMAP service that does not use plaintext passwords.
Bob
On Wed, 14 May 2003, Vaclav Brunnhofer wrote:
Being prevented here in this group that the support for 7.2 would finish in the near future (see another thread), I have purchased and upgraded to 8.2.
So far, almost everything is working as expected, except for IMAP (the same case would be POP3, if I would not use qpopper). In the meantime, I have found information that the IMAP rpm, shipped with 8.2 (IMAP 2002) is a major release, enabling to disable fulltext passwords for identification. Apparently the rpm shipped with 8.2 is compiled with this in mind. So far it is good, but I cannot find any information, how to make it work. I have found that it is necessary to use starttls - a ssl based authentication.
Just I cannot find (maybe I am using incorrect queries in google) how to setup the IMAP server - I have found how to configure the clients, how to compile IMAP for disabling authentication by plaintext passwords, but I am missing information, how to configure inetd (or even xinetd) to work with this imap daemon. The same applies for ipop3, just I have installed qpopper and this works fine.
SuSE installation support claims it is beyond the scope of installation support.
Does anyone know how to make the imap over starttls or ssl work? Thanks a lot
Regards
Vaclav Brunnhofer
===============================================================
| Entomologicky ustav            e-mail: vbru@entu.cas.cz     |
| Akademie Ved Ceske Republiky   tel.:   038 7775251          |
| Branisovska 31                 fax:    038 5310354          |
| 370 05 Ceske Budejovice        mobil:  +420 606 632822      |
===============================================================
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
==============================================================
Bob Vickers R.Vickers@cs.rhul.ac.uk
Dept of Computer Science, Royal Holloway, University of London
WWW: http://www.cs.rhul.ac.uk/home/bobv
Phone: +44 1784 443691
----------------------
From: Jethro Cramp <jsc_lists@rock-tnsc.com>
Reply-To: jsc_lists@rock-tnsc.com
To: "suse-linux-e@suse.com" <suse-linux-e@suse.com>
Subject: Re: [SLE] Squirrelmail & Imap Login Error, SuSE 8.2 - Authentication
Date: Mon, 19 May 2003 10:13:07 +0800

FYI, this is how I setup imap to work on SuSE8.2 so that I could log in.

Firstly I added the following section to /etc/xinetd.d/imap

    # imaps - imap mail daemon with ssl
    service imaps
    {
            socket_type     = stream
            protocol        = tcp
            wait            = no
            user            = root
            server          = /usr/sbin/imapd
            flags           = IPv4
    }
    #

Then I created a new ssl certificate with:

    openssl req -new -x509 -nodes -out imapd.pem -keyout imapd.pem -days 365

The resulting file is called imapd.pem which I then copied to /etc/ssl/certs.

And bingo authentication worked.

I'm using Kmail 1.5.1 and I can't make new imap folders, but I can from Mozilla. Anyone know if this is just not yet developed in kmail yet, or we need to do some voodoo to make it work.

Thanks,
Jethro
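
For the direction asked about at the top of the thread (a plain-IMAP webmail client reaching an imaps-only server), stunnel can run in client mode, the reverse of the server-mode imaps section described in the replies. The fragment below is an added example, not part of any message in the thread and not SuSE's shipped stunnel.conf; the service name, the loopback addresses, the placeholder certificate path and the assumption that Squirrelmail and imapd run on the same host are illustrative.

```ini
; Constructed stunnel 4.x configuration (assumption: the section-based
; config-file syntax of /etc/stunnel/stunnel.conf mentioned in the thread).
; Goal: Squirrelmail speaks plain IMAP to 127.0.0.1:143; stunnel wraps that
; connection in SSL and forwards it to the imaps-only UW imapd on port 993.

; Hypothetical service name.
[squirrelmail-imap]

; client = yes reverses the usual role: stunnel accepts cleartext and
; initiates the SSL handshake towards the server.
client  = yes

; Bind the cleartext side to loopback only, so plaintext IMAP is never
; reachable from the network.
accept  = 127.0.0.1:143

; The SSL side: the imaps listener started from inetd/xinetd.
connect = 127.0.0.1:993

; If connect points at another host instead of loopback, have stunnel check
; the server certificate. With a self-signed certificate, CAfile is a copy
; of that certificate (the path below is a placeholder).
; verify  = 2
; CAfile  = /path/to/imapd-cert.pem
```

With this running, Squirrelmail is pointed at localhost port 143, and `netstat -an | grep 143` should show the listener on 127.0.0.1 only.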