Re: [suse-security] IMAP and 8.2
David, stunnel does not work with the imap-2000 package supplied by SuSE 8.2. You have to find an imapd implentation that supports plain text logins. The point of stunnel is to convert an insecure imap server into a secure one. SuSE blew this apart by building imapd in such a way that it would not support this. Bob On Sat, 17 May 2003, David Soltero-Lugo wrote:
I tried the inet option (on xinetd) and did not work, can you provide mor information on the stunnel option??
Thanks David
Björn Róbertsson wrote:
I also discovered that my ssl'd imapd service had stopped working. I'd created stunnel connection and I found in /etc/stunnel a config file which allowed for a very simple configuration...
This however requires the service stunnel started and you need to remove the corresponding imap/pop lines from /etc/inetd.conf
Hope to help :)
Bjorn Robertsson
p.s. I use cyrus so the cyrus config does not need to know imaps if you use stunnel.
Vaclav,
Yesterday we too upgraded our mail server and discovered this change that SuSE quietly introduced. It sounds like you have done the hard part; to configure inetd.conf to support SSL-enabled IMAP and POP you just need lines imaps stream tcp nowait root /usr/sbin/tcpd imapd pop3s stream tcp nowait root /usr/sbin/tcpd ipop3d
I've found it very hard to find good documentation on how to set up an IMAP service that does not use plaintext passwords.
Bob
On Wed, 14 May 2003, Vaclav Brunnhofer wrote:
Being prevented here in this group that the support for 7.2 would finish in the near future (see another thread), I have purchased and upgraded to 8.2.
So far, almost everything is working as expected, expect for IMAP (the same case would be POP3, if I would not use qpopper). In the mean time, I have found information that the IMAP rpm, shipped with 8.2 (IMAP 2002) is a major release, enabling to disable fulltext passwords for identification. Apparently the rpm shipped with 8.2 is compiled with this in mind. So far it is good, but I cannot find any information, how to make it work. I have found that it is necessary to use starttls - a ssl based authentification.
Just I cannot find (may be I am using incorrect queries in google) how to setup the IMAP server - I have found how to configure the clients, how to compile IMAP for disabling authetification by plaintext passwords, but I am missing information, how to configure inetd (or even xinetd) to work with this imap daemon. The same applies for ipop3, just I have installec qpopper and this works fine.
SuSE installation support claims it is beyond the scope of installation support.
Does anyone know how to make the imap over startls or ssl work? Thanks a lot
S pozdravem
Vaclav Brunnhofer
======================================================== ======= | Entomologicky ustav e-mail: vbru@entu.cas.cz | | Akademie Ved Ceske Republiky tel.: 038 7775251 | | Branisovska 31 fax: 038 5310354 | | 370 05 Ceske Budejovice mobil: +420 606 632822 | ======================================================== ======
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
============================================================== Bob Vickers R.Vickers@cs.rhul.ac.uk Dept of Computer Science, Royal Holloway, University of London WWW: http://www.cs.rhul.ac.uk/home/bobv Phone: +44 1784 443691
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
============================================================== Bob Vickers R.Vickers@cs.rhul.ac.uk Dept of Computer Science, Royal Holloway, University of London WWW: http://www.cs.rhul.ac.uk/home/bobv Phone: +44 1784 443691
participants (1)
-
Bob Vickers