Mailinglist Archive: opensuse-security (320 mails)

< Previous Next >
RE: [suse-security] IMAP and 8.2
Just have a look at then config file in /etc/stunnel/stunnel.conf

It has a [ ] section for imaps, uncomment and start the service,
/etc/init.d/stunnel start

You should see a listening port on 993, netstat –an |grep 993

And then you should be able to configure your mail client to use SSL’ed
imap.



For maximum security you should only allow imap connections from localhost.



Next is to use smtps (secure smtp) to send mail...



Bjorn Robertsson



-----Original Message-----
From: David Soltero-Lugo [mailto:david@xxxxxxxxxxxxx]
Sent: 17. maí 2003 14:20
To: Björn Róbertsson
Cc: R.Vickers@xxxxxxxxxxxxx; bobv@xxxxxxxxxxxxx; vbru@xxxxxxxxxxx;
suse-security@xxxxxxxx
Subject: Re: [suse-security] IMAP and 8.2




I tried the inet option (on xinetd) and did not work, can you provide mor
information on the stunnel option??

Thanks
David

Björn Róbertsson wrote:



I also discovered that my ssl'd imapd service had stopped working. I'd
created stunnel connection and I found in /etc/stunnel a config file which
allowed for a very simple configuration...

This however requires the service stunnel started and you need to remove
the corresponding imap/pop lines from /etc/inetd.conf

Hope to help :)

Bjorn Robertsson

p.s. I use cyrus so the cyrus config does not need to know imaps if you
use stunnel.



Vaclav,

Yesterday we too upgraded our mail server and discovered this change
that SuSE quietly introduced. It sounds like you have done the hard
part; to configure inetd.conf to support SSL-enabled IMAP and POP you
just need lines
imaps stream tcp nowait root /usr/sbin/tcpd imapd
pop3s stream tcp nowait root /usr/sbin/tcpd ipop3d

I've found it very hard to find good documentation on how to set up an
IMAP service that does not use plaintext passwords.

Bob


On Wed, 14 May 2003, Vaclav Brunnhofer wrote:



Being prevented here in this group that the support for 7.2 would
finish in the near future (see another thread), I have purchased and
upgraded to 8.2.

So far, almost everything is working as expected, expect for IMAP (the
same case would be POP3, if I would not use qpopper).
In the mean time, I have found information that the IMAP rpm, shipped
with 8.2 (IMAP 2002) is a major release, enabling to disable fulltext
passwords for identification. Apparently the rpm shipped with 8.2 is
compiled with this in mind. So far it is good, but I cannot find any
information, how to make it work. I have found that it is necessary to
use starttls - a ssl based authentification.

Just I cannot find (may be I am using incorrect queries in google) how
to setup the IMAP server - I have found how to configure the clients,
how to compile IMAP for disabling authetification by plaintext
passwords, but I am missing information, how to configure inetd (or
even xinetd) to work with this imap daemon. The same applies for
ipop3, just I have installec qpopper and this works fine.

SuSE installation support claims it is beyond the scope of
installation support.

Does anyone know how to make the imap over startls or ssl work?
Thanks a lot

S pozdravem

Vaclav Brunnhofer

========================================================
=======
| Entomologicky ustav e-mail: vbru@xxxxxxxxxxx |
| Akademie Ved Ceske Republiky tel.: 038 7775251
|
| Branisovska 31 fax: 038 5310354 |
| 370 05 Ceske Budejovice mobil: +420 606 632822 |
========================================================
======


--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here



==============================================================
Bob Vickers R.Vickers@xxxxxxxxxxxxx
Dept of Computer Science, Royal Holloway, University of London
WWW: http://www.cs.rhul.ac.uk/home/bobv
Phone: +44 1784 443691



--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here








< Previous Next >