On Fri, 10 Jul 2009, Thomas Harding wrote: > Hello, > I use imaps with a single CA (home made), which make me able to filter > users basing on trusted-CA signed certificates. > > This allows me to restrict user's login on their ability to present > a certificate signed by my CA, and only by it (that's what I hope), > as I disabled all services but imaps and sieve. > > However, I can't find how to obtain the same behavior with sieve : > it still allows non-encrypted sessions. > > My version is a Debian packaged one: > ii cyrus-imapd-2.2 2.2.13-14+b3 > > > Here the relevant lines of my /etc/imapd.conf : > tls_cert_file: /etc/ssl/certs/xxxxxxxxxxx.pem > tls_key_file: /etc/ssl/private/xxxxxxxxxxxxxx.key.pem > tls_ca_file: /etc/ssl/certs/xxxxxxxxxxxx.pem > tls_require_cert: true > > How to disable non-TLS sessions on sieve, and more generally for any > cyrus service? I can't remember if this setting was in Cyrus 2.2 versions, but have you tried setting: allowplaintext: 0 in your imapd.conf? Andy ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
