-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Richard,
On 2009-09-03 16:38, Richard Hobbs wrote: > Currently, on our new test server, I am offering IMAP on 143 and POP3 on > 110. > > We would like to enable security on both of these protocols to attempt > to eliminate the risk from an internal > password-grabbing/content-grabbing attack. > > I presume this would mean enabling SSL, and a more securure > authentication, right? Or are plain text passwords just sent over the > SSL, and therefore perfectly secure? Yes, plain text passwords are fine with SSL/TLS, since the connection gets secured before the password is sent. > Also, what are the steps to enable security for these protocols on an > already-configured server? > > Is it possible to offer encrypted and non-encrypted services > simultaneously, so people have a choice of whether they want security or > not? I know that's a bit weird, but for testing it would be useful. No problem. Basically you just need to specify the certificate (ssl_cert_file) and the key (ssl_key_file) in the config, and add 'imaps' and 'pop3s' to 'protocols'. > Finally, is there a way to monitor which users are connecting over the > secure ports and which users are connecting over the non-secure ports? You can see it in the log. Patrick. - -- STAR Software (Shanghai) Co., Ltd. http://www.star-group.net/ Phone: +86 (21) 3462 7688 x 826 Fax: +86 (21) 3462 7779 PGP key: E883A005 https://stshacom1.star-china.net/keys/patrick_nagel.asc Fingerprint: E09A D65E 855F B334 E5C3 5386 EF23 20FC E883 A005 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkqfhoIACgkQ7yMg/OiDoAWzuQCfSpkZn7AXpsSbh3dVLPtsYQBr PL0An22lbqUY/MCGca8Q+RXOhojvfcf9 =wKmX -----END PGP SIGNATURE-----
