Mailinglist Archive: opensuse-security (320 mails)

Re: [suse-security] IMAP and 8.2
  • From: Bob Vickers <bobv@xxxxxxxxxxxxx>
  • Date: Mon, 19 May 2003 13:33:53 +0100 (BST)
  • Message-id: <Pine.OSF.4.44.0305191329300.17696-100000@xxxxxxxxxxxxxxxxxxxxx>
David,

stunnel does not work with the imap-2000 package supplied by SuSE 8.2. You
have to find an imapd implementation that supports plain text logins.

The point of stunnel is to convert an insecure imap server into a secure
one. SuSE blew this apart by building imapd in such a way that it would
not support this.

Bob

On Sat, 17 May 2003, David Soltero-Lugo wrote:

>
> I tried the inet option (on xinetd) and it did not work, can you provide
> more information on the stunnel option??
>
> Thanks
> David
>
> Björn Róbertsson wrote:
>
> >I also discovered that my ssl'd imapd service had stopped working. I'd
> >created stunnel connection and I found in /etc/stunnel a config file which
> >allowed for a very simple configuration...
> >
> >This however requires the service stunnel started and you need to remove
> >the corresponding imap/pop lines from /etc/inetd.conf
> >
> >Hope to help :)
> >
> >Bjorn Robertsson
> >
> >p.s. I use cyrus so the cyrus config does not need to know imaps if you
> >use stunnel.
> >
> >
> >
> >>Vaclav,
> >>
> >>Yesterday we too upgraded our mail server and discovered this change
> >>that SuSE quietly introduced. It sounds like you have done the hard
> >>part; to configure inetd.conf to support SSL-enabled IMAP and POP you
> >>just need lines
> >> imaps stream tcp nowait root /usr/sbin/tcpd imapd
> >> pop3s stream tcp nowait root /usr/sbin/tcpd ipop3d
> >>
> >>I've found it very hard to find good documentation on how to set up an
> >>IMAP service that does not use plaintext passwords.
> >>
> >>Bob
> >>
> >>
> >>On Wed, 14 May 2003, Vaclav Brunnhofer wrote:
> >>
> >>
> >>
> >>>Being prevented here in this group that the support for 7.2 would
> >>>finish in the near future (see another thread), I have purchased and
> >>>upgraded to 8.2.
> >>>
> >>>So far, almost everything is working as expected, except for IMAP (the
> >>>same case would be POP3, if I would not use qpopper).
> >>>In the meantime, I have found information that the IMAP rpm, shipped
> >>>with 8.2 (IMAP 2002) is a major release, enabling to disable fulltext
> >>>passwords for identification. Apparently the rpm shipped with 8.2 is
> >>>compiled with this in mind. So far it is good, but I cannot find any
> >>>information, how to make it work. I have found that it is necessary to
> >>>use starttls - an SSL-based authentication.
> >>>
> >>>Just I cannot find (maybe I am using incorrect queries in google) how
> >>>to setup the IMAP server - I have found how to configure the clients,
> >>>how to compile IMAP for disabling authentication by plaintext
> >>>passwords, but I am missing information, how to configure inetd (or
> >>>even xinetd) to work with this imap daemon. The same applies for
> >>>ipop3, just I have installed qpopper and this works fine.
> >>>
> >>>SuSE installation support claims it is beyond the scope of
> >>>installation support.
> >>>
> >>>Does anyone know how to make the imap over starttls or ssl work?
> >>>Thanks a lot
> >>>
> >>>Regards
> >>>
> >>>Vaclav Brunnhofer
> >>>
> >>>===============================================================
> >>>| Entomologicky ustav e-mail: vbru@xxxxxxxxxxx |
> >>>| Akademie Ved Ceske Republiky tel.: 038 7775251 |
> >>>| Branisovska 31 fax: 038 5310354 |
> >>>| 370 05 Ceske Budejovice mobil: +420 606 632822 |
> >>>===============================================================
> >>>
> >>>
> >>>--
> >>>Check the headers for your unsubscription address
> >>>For additional commands, e-mail: suse-security-help@xxxxxxxx
> >>>Security-related bug reports go to security@xxxxxxx, not here
> >>>
> >>>
> >>>
> >>==============================================================
> >>Bob Vickers R.Vickers@xxxxxxxxxxxxx
> >>Dept of Computer Science, Royal Holloway, University of London
> >>WWW: http://www.cs.rhul.ac.uk/home/bobv
> >>Phone: +44 1784 443691
> >>
> >>
> >>
> >>
> >>
> >
> >
> >
> >
>
>

==============================================================
Bob Vickers R.Vickers@xxxxxxxxxxxxx
Dept of Computer Science, Royal Holloway, University of London
WWW: http://www.cs.rhul.ac.uk/home/bobv
Phone: +44 1784 443691
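
Added example, not part of the original thread: a small check for the failure discussed above. It assumes the imapd build signals its refusal of plaintext logins with the standard LOGINDISABLED capability (RFC 3501), which is what the daemon would show on the cleartext side of an stunnel wrapper. The sample server lines, host name and function names are constructed for illustration.

```python
import re

# Constructed sample lines, as an imapd might send them on a cleartext
# connection (which is what the daemon sees behind an stunnel wrapper).
GREETING_NOPLAIN = "* OK [CAPABILITY IMAP4REV1 STARTTLS LOGINDISABLED] mail.example.org ready"
GREETING_PLAIN = "* OK [CAPABILITY IMAP4REV1 STARTTLS AUTH=LOGIN] mail.example.org ready"
CAPABILITY_REPLY = "* CAPABILITY IMAP4rev1 LOGINDISABLED"


def parse_capabilities(line):
    """Return the upper-cased capability set from a greeting or CAPABILITY reply."""
    # Form 1: response code inside the greeting, "* OK [CAPABILITY ...] text"
    m = re.search(r"\[CAPABILITY ([^\]]*)\]", line, re.I)
    if m is None:
        # Form 2: untagged reply to the CAPABILITY command
        m = re.match(r"\*\s+CAPABILITY\s+(.*)$", line.strip(), re.I)
    return {tok.upper() for tok in m.group(1).split()} if m else set()


def diagnose(line):
    """Classify how a cleartext-side connection will treat a password login."""
    caps = parse_capabilities(line)
    if not caps:
        return "unknown"            # no capability list seen; send CAPABILITY
    if "LOGINDISABLED" not in caps:
        return "plaintext-ok"       # an stunnel wrapper in front can work
    if "STARTTLS" in caps:
        return "native-tls-only"    # use the daemon's own STARTTLS/imaps
    return "login-refused"          # no password login possible on this port


if __name__ == "__main__":
    for sample in (GREETING_NOPLAIN, GREETING_PLAIN, CAPABILITY_REPLY):
        print(diagnose(sample), "<-", sample)
```

A result of native-tls-only on the local port matches the situation Bob describes: the wrapper hands the daemon a cleartext session, and the daemon then refuses the password login.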

