Hello,

Replies inline...

Patrick Nagel wrote:
> Hi Richard,
>
> On 2009-09-03 16:38, Richard Hobbs wrote:
>> Currently, on our new test server, I am offering IMAP on 143 and POP3 on
>> 110.
>
>> We would like to enable security on both of these protocols to attempt
>> to eliminate the risk from an internal
>> password-grabbing/content-grabbing attack.
>
>> I presume this would mean enabling SSL, and a more secure
>> authentication, right? Or are plain text passwords just sent over the
>> SSL, and therefore perfectly secure?
>
> Yes, plain text passwords are fine with SSL/TLS, since the connection gets
> secured before the password is sent.

OK, I'll do that then, unless it's not commonly what's done for some
reason...

>> Also, what are the steps to enable security for these protocols on an
>> already-configured server?
>
>> Is it possible to offer encrypted and non-encrypted services
>> simultaneously, so people have a choice of whether they want security or
>> not? I know that's a bit weird, but for testing it would be useful.
>
> No problem. Basically you just need to specify the certificate (ssl_cert_file)
> and the key (ssl_key_file) in the config, and add 'imaps' and 'pop3s' to
> 'protocols'.

Thanks for the advice - how do I generate ssl cert files and ssl key files?

Also, various people access our mail server over IP, or various
different hostnames - can all of those be built into the key/cert files
so they aren't continually warned about hostname mismatches?

>> Finally, is there a way to monitor which users are connecting over the
>> secure ports and which users are connecting over the non-secure ports?
>
> You can see it in the log.

Excellent.

Thanks again,
Richard.

--
Richard Hobbs (IT Specialist)
Toshiba Research Europe Ltd. - Cambridge Research Laboratory
Email: richard.ho...@crl.toshiba.co.uk
Web: http://www.toshiba-europe.com/research/
Tel: +44 1223 436999
Mobile: +44 7811 803377
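The log check mentioned in the thread, as an added example that is not part of the original messages: a Python script that sorts successful logins into encrypted, local and plaintext per user. It assumes Dovecot's default login log format, in which the last field is `TLS` for an SSL/TLS session and `secured` for a trusted local connection; the log lines, user names and addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines. Assumption: Dovecot's default login log format
# ("user=<%u>, method=%m, rip=%r, lip=%l, %c"), where the trailing %c field is
# "TLS" for SSL/TLS sessions, "secured" for trusted local connections, and
# absent for unencrypted remote ones.
SAMPLE_LOG = """\
Sep  3 17:01:12 mail dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=10.0.0.21, lip=10.0.0.5, TLS
Sep  3 17:02:40 mail dovecot: pop3-login: Login: user=<bob>, method=PLAIN, rip=10.0.0.34, lip=10.0.0.5
Sep  3 17:03:05 mail dovecot: imap-login: Login: user=<carol>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Sep  3 17:04:51 mail dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=10.0.0.21, lip=10.0.0.5
Sep  3 17:05:09 mail dovecot: pop3-login: Disconnected: user=<>, rip=10.0.0.99, lip=10.0.0.5
Sep  3 17:06:30 mail dovecot: pop3-login: Login: user=<dave>, method=PLAIN, rip=10.0.0.40, lip=10.0.0.5, TLS
"""

LOGIN_RE = re.compile(
    r"(?P<proto>imap|pop3)-login: Login: user=<(?P<user>[^>]*)>"
    r".*?\brip=(?P<rip>[^,\s]+)(?P<rest>.*)$"
)

def classify_logins(log_text):
    """Return {"encrypted": {...}, "local": {...}, "plaintext": {...}}, each
    mapping a user to the set of (protocol, remote IP) pairs seen."""
    report = {k: defaultdict(set) for k in ("encrypted", "local", "plaintext")}
    for line in log_text.splitlines():
        m = LOGIN_RE.search(line)
        if not m:
            continue  # not a successful login (e.g. "Disconnected")
        # Fields after rip= are comma-separated; the security flag is one of them.
        flags = {f.strip() for f in m.group("rest").split(",")}
        if "TLS" in flags:
            kind = "encrypted"
        elif "secured" in flags:
            kind = "local"
        else:
            kind = "plaintext"
        report[kind][m.group("user")].add((m.group("proto"), m.group("rip")))
    return report

def plaintext_users(log_text):
    """Users with at least one login that was neither TLS nor local."""
    return sorted(classify_logins(log_text)["plaintext"])

if __name__ == "__main__":
    for kind, users in classify_logins(SAMPLE_LOG).items():
        for user, seen in sorted(users.items()):
            print(f"{kind:9} {user:8} {sorted(seen)}")
```

The flag records whether the session was encrypted, not which port it arrived on, so a STARTTLS session on port 143 is also counted as encrypted. A user who appears under both headings, like `alice` in the sample, still has a client configured without TLS.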