bug-mailutils

Re: [bug-mailutils] Re: tls problems


From: Jordi Mallach
Subject: Re: [bug-mailutils] Re: tls problems
Date: Sun, 19 Jan 2003 00:03:44 +0100
User-agent: Mutt/1.5.3i

On Sat, Jan 18, 2003 at 11:13:03PM +0100, Wojciech Polak wrote:
> > poll HOSTNAME port 143 proto imap user USER with pass PASS
> >  sslproto tls1
> >  sslcert PATH_TO_CERT_FILE
> >  sslkey PATH_TO_KEY_FILE
> >  is LOCAL_USER here
> Yes, although sslproto, sslcert, and sslkey are not required
> for a client. You can also specify something like this:
> 
>  poll localhost protocol imap username YOUR-USERNAME
>     pass YOUR-PASSWORD mda "/usr/bin/procmail -f %F -d YOUR-USERNAME"

Thanks to both :)

fetchmail: 6.1.2 querying natura (protocol IMAP) at Sat Jan 18 23:55:39 2003: poll started
fetchmail: IMAP< * OK IMAP4rev1
fetchmail: IMAP> A0001 CAPABILITY
fetchmail: IMAP< * CAPABILITY IMAP4rev1 NAMESPACE X-VERSION AUTH=GSSAPI
fetchmail: IMAP< A0001 OK CAPABILITY Completed
fetchmail: Protocol identified as IMAP4 rev 1
fetchmail: IMAP> A0002 LOGIN "jordi" "*"
fetchmail: IMAP< A0002 OK LOGIN Completed

Shouldn't the CAPABILITY reply advertise TLS? It appears not to use it.

> > Well, not quite so. The functionality added is known as 'TLS support'
> > (RFC 2595). It operates on good old port 143.
> Yeap :-).
> 
> I can only add that port numbers like 993 (imaps) or 995 (pop3s) are reserved
> for services, which by default are listening on a secure channel.
> For instance: imap4d+stunnel or pop3d+stunnel. This means that there is no way
> to connect to them en clair. When a server supports TLS/SSL (RFC 2595) by
> itself, like gnu-pop3d does now (and gnu-imap4d), then it is okay to run them
> on their common port numbers, i.e. 143 for imap and 110 for pop3. You can
> connect to them en clair and you (a client) decide whether you want to use TLS,
> or not. This check is done by the CAPA command (pop3) or the CAPABILITY
> command (imap4), and if it is possible, then a client encrypts session
> with STLS command (pop3) or STARTTLS command (imap).

Right. So basically it's just encrypting the login sequence, unlike
imaps which encrypts the whole transaction, right? I guess this is
comparable to what postfix-tls does using smtp-auth?

Is having full ssl support a goal in mailutils TODO?

Jordi
-- 
Jordi Mallach Pérez  --  Debian developer     http://www.debian.org/
address@hidden     address@hidden     http://www.sindominio.net/
GnuPG public key information available at http://oskuro.net/~jordi/

Attachment: pgpreBlK1jLMF.pgp
Description: PGP signature
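
Added example, not part of the original message and not code from fetchmail or mailutils: a Python check of the CAPABILITY-then-STARTTLS sequence described in the thread, run over the fetchmail transcript quoted above and over a second, constructed transcript. The function name `audit_imap_transcript` and the constructed session are assumptions made for illustration.

```python
import re

# Matches fetchmail -v transcript lines such as "fetchmail: IMAP< * OK IMAP4rev1".
LINE = re.compile(r"^fetchmail: IMAP([<>]) (.*)$", re.M)

def audit_imap_transcript(text):
    """Report whether LOGIN crossed the wire before STARTTLS completed."""
    caps, pending_tls, tls_active, findings = set(), None, False, []
    for direction, payload in LINE.findall(text):
        words = payload.split()
        if direction == "<":                      # server -> client
            if words[:2] == ["*", "CAPABILITY"]:
                caps = {w.upper() for w in words[2:]}
            elif pending_tls and words[:1] == [pending_tls]:
                # Tagged reply to our STARTTLS: only OK means the channel is encrypted.
                tls_active, pending_tls = words[1:2] == ["OK"], None
                if tls_active:
                    caps = set()                  # RFC 2595: discard pre-TLS capabilities
        elif len(words) >= 2:                     # client -> server: TAG COMMAND ...
            command = words[1].upper()
            if command == "STARTTLS":
                pending_tls = words[0]
            elif command == "LOGIN" and not tls_active:
                findings.append("cleartext LOGIN, STARTTLS offered but unused"
                                if "STARTTLS" in caps
                                else "cleartext LOGIN, server did not offer STARTTLS")
    return {"tls_active": tls_active, "capabilities": caps, "findings": findings}

# Transcript quoted in the message above (its first status line omitted).
PAGE_LOG = """\
fetchmail: IMAP< * OK IMAP4rev1
fetchmail: IMAP> A0001 CAPABILITY
fetchmail: IMAP< * CAPABILITY IMAP4rev1 NAMESPACE X-VERSION AUTH=GSSAPI
fetchmail: IMAP< A0001 OK CAPABILITY Completed
fetchmail: IMAP> A0002 LOGIN "jordi" "*"
fetchmail: IMAP< A0002 OK LOGIN Completed
"""

# Constructed transcript (not from the page) of a session that upgrades first.
TLS_LOG = """\
fetchmail: IMAP> A0001 CAPABILITY
fetchmail: IMAP< * CAPABILITY IMAP4rev1 STARTTLS
fetchmail: IMAP< A0001 OK CAPABILITY Completed
fetchmail: IMAP> A0002 STARTTLS
fetchmail: IMAP< A0002 OK Begin TLS negotiation now
fetchmail: IMAP> A0003 LOGIN "user" "*"
"""

for name, log in (("page", PAGE_LOG), ("constructed", TLS_LOG)):
    print(name, audit_imap_transcript(log)["findings"])
```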

