On Wednesday 14 January 2004 16:15, Carl Peto wrote:
I've been struggling with this for hours on end!
All I want to do is run an IMAP server to allow my Windows clients to access their unix email with Outlook Express. I tried the imap package but that has been modified now so that no POP3 or IMAP login is allowed with a plaintext password unless using SSL encrypted sessions.
I have had the exact same problem. I DO use SSL, but the change in the imap server package breaks squirrelmail. I also am not amused by SuSE's decision to change the behaviour and by not having a way to turn this off again. However, I made a workaround by force-installing the imap version of SuSE 8.1 over the changed one which is running on SuSE 8.2. So now everytime I forget to UNselect imapd in online update my system breaks again. Very nice.
I too would want a better solution. And I fully concur with you on the subject of Cyrus-imapd. Cyrus seemingly serves one single purpose, to drive sysadmins utterly crazy. ;-| I gave up early when I saw the list of
Thanks Maarten,
I thought I was going mad!
I agree that a core function like this shouldn't be changed in such an
unhelpful way.
IMHO this is supposed to be why we use SuSE rather than suffering the random
decisions of package maintainers and even of IETF bodies?
I am totally unfamiliar with SSL, I've resisted it just out of laziness - I
have enough to do with being a Windows dev. and part-time linux sysadmin
anyway!
All clients will be Outlook Express but I'm guessing that SSL is more of a
shared library thing on Windows, i.e. registry settings, etc. to allow
clients to access a server with SSL where certificate is self-certified.
So anyway it's worth a go; can you give me a quick idea of how I set up SSL
on my linux box, create a certificate and then get imapd to use it?
Alternatively a well-written, simple HOWTO would be fine!
Thanks,
Carl
----- Original Message -----
From: "Maarten v d Berg"
I do not want to get into the complexity of installing SSL, all boxes
behind a completely secure firewall and use CVS pserver, etc. anyway so
"security" gained by encrypting either session or passwords is completely illusory.
The imapd daemon wouldn't accept encrypted passwords even when I switched the option on in my test Outlook Express mail client so I can't win either way.
Installing an SSL certificate so that imapd speaks SSL too is quite simple, if you need help I can look it up for you... it is not more than 5 minutes work, however teaching all the clients that they should trust a self-signed cert sure isn't, so this may not be a viable option for you anyway.
I tried to recompile imapd from source since the change to not allow plaintext passwords except in a TLS session is actually compiled into
server (very bad form, should be a config file option, probably with
are the the this
setting as default). The source package is broken and won't compile.
I tried installing the fiendishly complex cyrus-imapd but that doesn't work either, complaining about a "cannot connect to saslauthd server". Tried changing the sasl_pwcheck_method to "pwcheck" to see if that helped. Daemon won't start now complaining of db errors.
I've set up qpopper to act as a pop3 client so I can now at least pick up my mail inbox from /var/spool/mail/<username> but that means I can't access other folders so (i) if users read mail on UNIX clients the mail goes into mbox and is inaccessible from Windows henceforth and more importantly (ii) users cannot use .procmailrc to sort mail into files like "spam", "suse-security-mailing-list", "cvs-logs" as these are now only accessible via unix and not Windows where people do most of their daily work.
Really it's such a simple thing I want to do!
Can anyone help?
I am certainly willing to contribute but for now I'm stuck with the same problem as you are...
Maarten
Thanks, Carl