Andrew Morgan wrote, at 04/14/2008 12:44 PM: > Isn't there a way to have Cyrus listen on the regular IMAP port (143) > but require a secure connection to login? Some trick with > allowplaintext and/or sasl_minimum_layer? Yes. For example: sasl_pwcheck_method: auxprop sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 allowplaintext: no sasl_minimum_layer: 128 To connect with cyradm using TLS: cyradm localhost -tls > Who cares if you listen on 143 as long as people aren't sending > passwords in the clear. TLS is as good as SSL. Agreed. Furthermore, it stops a lot of brute force password cracking attempts dead in their tracks, since most don't attempt to use encrypted connections (they're looking for low hanging fruit, I guess). ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
