Re: missing plain authentication explained?

On 2006-07-21 at 19:15 -0700, Ross Boylan wrote:
> I'm not entirely clear about whether PLAIN can be used, even if not
> advertised, if the session is not secure.  Since I'm doing everything
> on one box, it's not a big security risk (I think).

How about modifying cyrus.conf so that the listen directives say
listen="127.0.0.1:143" and make the cmd="imapd -p 10" or some other
value?

"1" means integrity protection but no confidentiality.  OpenLDAP uses 71
for "unix-domain socket" (and yes, Cyrus IMAPd works with a Unix-domain
socket but most MUAs don't).  10 seems a reasonable middle ground for
"loopback, which is safe enough if I enable antispoof protection"; since
Unix uses a weak end-system model, where one IP address can be reached
from another interface, you'll need to make sure that your host's
packet-filter prevents packets addressed to 127.0.0.1 arriving on the
wire.
-- 
"Everything has three factors: politics, money, and the right way to do it.
 In that order."  -- Gary Donahue
----
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
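
An added example, not part of the original message and not Cyrus project code: a Python check that reads a cyrus.conf SERVICES block and reports services whose command declares an external protection layer with `-p` while the listen value is not a literal loopback address or a Unix-domain socket. The sample configuration, service names and function names are constructed for illustration.

```python
import ipaddress
import re
import shlex

# Constructed sample configuration; service names and addresses are made up.
SAMPLE_CONF = """
SERVICES {
  imap      cmd="imapd -p 10" listen="127.0.0.1:143" prefork=0
  imapwire  cmd="imapd -p 10" listen="143" prefork=0
  imaplan   cmd="imapd -p 10" listen="192.0.2.10:143" prefork=0
  imapsock  cmd="imapd -p 71" listen="/var/imap/socket/imap" prefork=0
}
"""

ARG = re.compile(r'(\w+)="([^"]*)"')

def declared_ssf(cmd):
    """Return the SSF passed with -p in a service command, or None."""
    argv = shlex.split(cmd)
    for i, arg in enumerate(argv[:-1]):
        if arg == "-p" and argv[i + 1].isdigit():
            return int(argv[i + 1])
    return None

def is_local_only(listen):
    """True for a Unix-domain socket path or a literal loopback address."""
    if listen.startswith("/"):
        return True
    host, sep, _port = listen.rpartition(":")
    try:
        return bool(sep) and ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False  # hostname or service name: not provably loopback

def audit(conf_text):
    """List (service, ssf, listen) where -p is set on a listener that is not local-only."""
    flagged = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        args = dict(ARG.findall(line))
        if "cmd" not in args or "listen" not in args:
            continue
        ssf = declared_ssf(args["cmd"])
        if ssf is not None and not is_local_only(args["listen"]):
            flagged.append((line.split()[0], ssf, args["listen"]))
    return flagged

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

A clean result only covers the listener address; whether the host's packet filter drops packets addressed to 127.0.0.1 that arrive on the wire has to be checked separately.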
