Hello,

Sorry people - my problem is actually the opposite of what I wrote below... POP3 gives no encryption options whatsoever, and IMAP defaults correctly, but still gives the option for no encryption.

Also, the SSL section of dovecot.conf is here: http://pastebin.ca/1582348

Thanks again!
Richard.

Richard Hobbs wrote:
> Hello,
>
>>> Is it possible to offer encrypted and non-encrypted services
>>> simultaneously, so people have a choice of whether they want
>>> security or not? I know that's a bit weird, but for testing
>>> it would be useful.
>> No problem. Basically you just need to specify the certificate
>> (ssl_cert_file) and the key (ssl_key_file) in the config, and
>> add 'imaps' and 'pop3s' to 'protocols'.
>
> Thanks for the advice... however, it has only partially worked.
>
> When I "check what the server supports" in Kmail when setting up a new
> account in my email client, for POP3, it says it supports None, SSL and
> TLS and defaults to TLS, and auth methods are Clear text and Plain.
>
> Is there a way to get rid of the "None" method for encryption? I do not
> have "pop3" in the protocols line - only "pop3s".
>
> As for IMAP, the problem is worse... all I get for IMAP is "No
> encryption with clear text passwords". SSL/TLS just doesn't seem to be
> an option for IMAP despite "imaps" being in the protocols line and
> "imap" *not* being there.
>
> For both these tests, rightly or wrongly, I used the standard ports (110
> for POP3, 143 for IMAP). I know SSL typically operates on higher port
> numbers, at least for IMAP, but I don't know how this all works when you
> turn off non-encrypted protocols.
>
> Any advice gratefully received!
>
> Thanks again,
> Richard.
>
>
> Patrick Nagel wrote:
>> Hi Richard,
>>
>> On 2009-09-03 16:38, Richard Hobbs wrote:
>>> Currently, on our new test server, I am offering IMAP on 143 and POP3 on
>>> 110.
>>> We would like to enable security on both of these protocols to attempt
>>> to eliminate the risk from an internal
>>> password-grabbing/content-grabbing attack.
>>> I presume this would mean enabling SSL, and a more secure
>>> authentication, right? Or are plain text passwords just sent over the
>>> SSL, and therefore perfectly secure?
>> Yes, plain text passwords are fine with SSL/TLS, since the connection gets
>> secured before the password is sent.
>>
>>> Also, what are the steps to enable security for these protocols on an
>>> already-configured server?
>>> Is it possible to offer encrypted and non-encrypted services
>>> simultaneously, so people have a choice of whether they want security or
>>> not? I know that's a bit weird, but for testing it would be useful.
>> No problem. Basically you just need to specify the certificate
>> (ssl_cert_file)
>> and the key (ssl_key_file) in the config, and add 'imaps' and 'pop3s' to
>> 'protocols'.
>>
>>> Finally, is there a way to monitor which users are connecting over the
>>> secure ports and which users are connecting over the non-secure ports?
>> You can see it in the log.
>>
>> Patrick.
>>
>
> ______________________________________________________________________
> This email has been scanned by the MessageLabs Email Security System.
> For more information please visit http://www.messagelabs.com/email
> ______________________________________________________________________
>
>
>

--
Richard Hobbs (IT Specialist)
Toshiba Research Europe Ltd. - Cambridge Research Laboratory
Email: richard.ho...@crl.toshiba.co.uk
Web: http://www.toshiba-europe.com/research/
Tel: +44 1223 436999
Mobile: +44 7811 803377
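On the question of monitoring who connects with and without encryption, which the thread answers with "You can see it in the log", the following is an added example, not code from any poster in this thread. It assumes Dovecot's default login line layout, where a trailing `TLS` marks an encrypted session and `secured` a trusted local one; the sample lines are constructed and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines (assumed default login log layout, not real logs).
SAMPLE_LOG = """\
Sep  3 16:40:01 mail dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=192.0.2.10, lip=192.0.2.1, TLS
Sep  3 16:41:17 mail dovecot: pop3-login: Login: user=<bob>, method=PLAIN, rip=192.0.2.11, lip=192.0.2.1
Sep  3 16:42:30 mail dovecot: imap-login: Login: user=<bob>, method=PLAIN, rip=192.0.2.11, lip=192.0.2.1, TLS
Sep  3 16:43:02 mail dovecot: imap-login: Login: user=<carol>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Sep  3 16:44:45 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<dave>, method=PLAIN, rip=192.0.2.12, lip=192.0.2.1
Sep  3 16:45:09 mail dovecot: imap-login: Login: user=<alice>, method=LOGIN, rip=192.0.2.10, lip=192.0.2.1
"""

# Successful logins only; everything after lip= is kept for the security check.
LOGIN_RE = re.compile(
    r"dovecot: (?P<proto>imap|pop3)-login: Login: "
    r"user=<(?P<user>[^>]*)>, method=(?P<method>[^,\s]+), "
    r"rip=(?P<rip>[^,\s]+), lip=[^,\s]+(?P<rest>.*)$"
)

def classify_logins(log_text):
    """Return {user: {"encrypted": n, "local": n, "cleartext": n}}."""
    stats = defaultdict(lambda: {"encrypted": 0, "local": 0, "cleartext": 0})
    for line in log_text.splitlines():
        m = LOGIN_RE.search(line.rstrip())
        if not m:
            continue  # aborted logins and unrelated lines are skipped
        tokens = [t.strip() for t in m.group("rest").split(",") if t.strip()]
        if any(t.startswith("TLS") for t in tokens):
            kind = "encrypted"      # SSL port or STARTTLS completed
        elif "secured" in tokens:
            kind = "local"          # trusted local client, no TLS
        else:
            kind = "cleartext"      # password crossed the network unencrypted
        stats[m.group("user")][kind] += 1
    return dict(stats)

def cleartext_users(log_text):
    """Users with at least one successful login over an unencrypted session."""
    return sorted(u for u, c in classify_logins(log_text).items() if c["cleartext"])

if __name__ == "__main__":
    print(cleartext_users(SAMPLE_LOG))
```

If `login_log_format_elements` has been customised, the regular expression needs adjusting to match.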