m.seaman at plasm.demon.co.uk
Sat Oct 14 15:48:48 BST 2000
On Fri, Oct 13, 2000 at 10:26:20AM +0100, Neil Ford wrote:
> Well I gave Cyrus a go but couldn't get a connection (from a pc running Outlook
> Express) so I tried imap-wu and it worked first time.
I've used UW imap. but never Cyrus. UW imap generally works well, but
I have found from bitter experience that it doesn't mix with NFS
mounting home directories onto a mail server from a solaris machine.
> My main aim is to not have passwords transmitted in plaintext. The box is only
> going to be used by Natalie and myself so the loads not going to be too great.
> As we will have shell access I want to try and keep things as tight as
Heh. Install UW imap and you've got shell access to the imap server
anyhow. There's a FreeBSD security advisory with the details.
> So advice on how to get either Cyrus or imap-wu to only accept secure
> connections is what I'm looking for.
i) UW imapd has a built in mechanism whereby you can create a link
from the installed imapd to /etc/rimapd. If you then run /etc/rimapd
on the server via eg. ssh it gives you a pre-authenticated session.
This is probably only useful with pine, which defaults to using this
mechanism out of the box.
Look at the file /usr/ports/mail/imap-uw/work/imap-4.7c/docs which
says in part:
STEP 3: optional rimap setup
If you want to enable the rimap capability, which allows users with a
suitable client and .rhosts file on the server to access IMAP services
without transmitting her password in the clear over the network, you need
to have /etc/rimapd as a link to the real copy of imapd. Assuming you have
imapd installed on /usr/local/etc as above:
% ln -s /usr/local/etc/imapd /etc/rimapd
Technical note: rimap works by having the client routine tcp_aopen()
invoke `rsh _host_ exec /etc/rimapd' in an child process, and then returning
pipes to that process' standard I/O instead of a TCP socket. You can set up
`e-mail only accounts' by making the shell be something which accepts only
that string and not ordinary UNIX shell commands.
ii) There is are a couple of SSL patch kits for UW imap --- as the FAQ says:
Q: Can I use SSL?
A: Unfortunately, due to US government export restrictions, the source code
to our SSL IMAP patchkit is currently not available. There are packages
available from third parties to modify the IMAP toolkit to do SSL, or
to tunnel IMAP and POP3 sessions through SSL.
We are not happy about the restrictions (especially since our SSL IMAP
patchkit is a very clean implementation), but our hands are tied. The
recent announcement about a relaxation of encryption restrictions does
not apply to us, because we distribute free software in source form on
a non-discriminatory basis.
but I've no idea where to get a legal copy of the patch kit, or even if that legal restriction still applies.
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
Tel: +44 1628 476614 Bucks., SL7 1TH UK
More information about the Ukfreebsd