On Mon, Jan 10, 2011 at 07:00:13AM -0500, Adam Tauno Williams wrote:
> On Sun, 2011-01-09 at 14:40 -0800, Dudi Goldenberg wrote:
> > >I am using Thunderbird to test with. I want to completely disallow logins
> > >without TLS for IMAP.
> > Have a look at /etc/cyrus.conf:
> >
> > Just hash out imap and restart cyrus.
>
> Incorrect. That disables IMAP (TCP/143) and leaves IMAP-over-SSL.
> Secure IMAP (IMAP w/TLS) still uses TCP/143. IMAP-over-SSL is rather
> hackish.

What war are you trying to win here? Stopping people using plaintext connections, or stopping passwords being potentially exposed to snoopers?

Because "Secure IMAP" on port 143 just means that once the user has sent their plaintext password over the wire already, you tell them to get lost rather than let them in. It doesn't stop stupid client programs sending the plaintext password out in the first place.

IMAP-over-SSL does, because no client sends the password over the network until it has a TCP connection - and it doesn't get one of them if it tries to connect to port 143 and you don't have it turned on.

So what's so hackish about IMAP-over-SSL precisely?

Bron.

----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
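
An added example, not part of the original thread: a small audit of what a port-143 greeting or CAPABILITY response advertises before TLS is negotiated, which is the window the message above is concerned with. The two capability lines are constructed samples and the function names are hypothetical; `STARTTLS`, `LOGINDISABLED` and `AUTH=` are the standard IMAP capability tokens.

```python
import re

# SASL mechanisms that put a reusable password on the wire when used without TLS.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

# Constructed sample lines (not captured from a real server).
WEAK = "* OK [CAPABILITY IMAP4rev1 AUTH=PLAIN AUTH=LOGIN] constructed.example ready"
STRICT = "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED AUTH=GSSAPI"


def parse_capabilities(line):
    """Return the capability tokens from a greeting or an untagged CAPABILITY line."""
    m = (re.search(r"\[CAPABILITY ([^\]]*)\]", line, re.I)
         or re.match(r"\*\s+CAPABILITY\s+(.*)", line.strip(), re.I))
    if not m:
        raise ValueError("no CAPABILITY data in line")
    return {tok.upper() for tok in m.group(1).split()}


def audit_cleartext_port(line):
    """List what the server invites clients to do on port 143 before TLS."""
    caps = parse_capabilities(line)
    mechs = {c[5:] for c in caps if c.startswith("AUTH=")}
    exposed = sorted(mechs & PLAINTEXT_MECHS)
    findings = []
    if "STARTTLS" not in caps:
        findings.append("no STARTTLS: port offers no upgrade to TLS")
    if "LOGINDISABLED" not in caps:
        findings.append("LOGIN command is advertised as usable without TLS")
    if exposed:
        findings.append("plaintext SASL offered pre-TLS: " + ", ".join(exposed))
    # An empty list only means the server does not invite a cleartext password.
    # A client that ignores the advertisement can still send one before the
    # server refuses it; only closing port 143 removes that window.
    return findings


if __name__ == "__main__":
    for name, line in (("weak", WEAK), ("strict", STRICT)):
        print(name, audit_cleartext_port(line) or "nothing advertised in cleartext")
```
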