Thanx for all your answers, but this is not my original question :-) " In fact, I don't use and don't want to use TLS, but IMAP over SSL." I don't want ANYTHING running on port 143. I don't want imap daemon running on my server, only imaps. I still want to be able to use cyradm, and use it through imaps 993. Is it possible ? Thanx, Seb -----Message d'origine----- De : Jorey Bump [mailto:list@xxxxxxxxxxxxx] Envoyé : lundi 14 avril 2008 20:43 À : Andrew Morgan Cc : Sébastien Rozier; info-cyrus@xxxxxxxxxxxxxxxxxxxx Objet : Re: how to use cyradm with imaps ? Andrew Morgan wrote, at 04/14/2008 12:44 PM: > Isn't there a way to have Cyrus listen on the regular IMAP port (143) > but require a secure connection to login? Some trick with > allowplaintext and/or sasl_minimum_layer? Yes. For example: sasl_pwcheck_method: auxprop sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 allowplaintext: no sasl_minimum_layer: 128 To connect with cyradm using TLS: cyradm localhost -tls > Who cares if you listen on 143 as long as people aren't sending > passwords in the clear. TLS is as good as SSL. Agreed. Furthermore, it stops a lot of brute force password cracking attempts dead in their tracks, since most don't attempt to use encrypted connections (they're looking for low hanging fruit, I guess). ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
