Re: [bug-mailutils] Re: tls problems
From: Jordi Mallach
Subject: Re: [bug-mailutils] Re: tls problems
Date: Sun, 19 Jan 2003 00:03:44 +0100
User-agent: Mutt/1.5.3i
On Sat, Jan 18, 2003 at 11:13:03PM +0100, Wojciech Polak wrote:
> > poll HOSTNAME port 143 proto imap user USER with pass PASS
> > sslproto tls1
> > sslcert PATH_TO_CERT_FILE
> > sslkey PATH_TO_KEY_FILE
> > is LOCAL_USER here
> Yes, although sslproto, sslcert, and sslkey are not required
> for a client. You can also specify something like this:
>
> poll localhost protocol imap username YOUR-USERNAME
> pass YOUR-PASSWORD mda "/usr/bin/procmail -f %F -d YOUR-USERNAME"
Thanks to both :)
fetchmail: 6.1.2 querying natura (protocol IMAP) at Sat Jan 18 23:55:39 2003:
poll started
fetchmail: IMAP< * OK IMAP4rev1
fetchmail: IMAP> A0001 CAPABILITY
fetchmail: IMAP< * CAPABILITY IMAP4rev1 NAMESPACE X-VERSION AUTH=GSSAPI
fetchmail: IMAP< A0001 OK CAPABILITY Completed
fetchmail: Protocol identified as IMAP4 rev 1
fetchmail: IMAP> A0002 LOGIN "jordi" "*"
fetchmail: IMAP< A0002 OK LOGIN Completed
Shouldn't the CAPABILITY reply advertise TLS? It appears not to use it.
> > Well, not quite so. The functionality added is known as 'TLS support'
> > (RFC 2595). It operates on good old port 143.
> Yeap :-).
>
> I can only add that port numbers like 993 (imaps) or 995 (pop3s) are reserved
> for services, which by default are listening on secure channels.
> For instance: imap4d+stunnel or pop3d+stunnel. This means that there is no way
> to connect to them en clair. When a server supports TLS/SSL (RFC 2595) by
> itself, like gnu-pop3d does now (and gnu-imap4d), then it is okay to run them
> on their common port numbers, i.e. 143 for imap and 110 for pop3. You can
> connect to them en clair and you (a client) decide whether you want to use
> TLS, or not. This check is done by the CAPA command (pop3) or the CAPABILITY
> command (imap4), and if it is possible, then a client encrypts session
> with STLS command (pop3) or STARTTLS command (imap).
Right. So basically it's just encrypting the login sequence, unlike
imaps which encrypts the whole transaction, right? I guess this is
comparable to what postfix-tls does using smtp-auth?
Is having full ssl support a goal in mailutils TODO?
Jordi
--
Jordi Mallach Pérez -- Debian developer http://www.debian.org/
address@hidden address@hidden http://www.sindominio.net/
GnuPG public key information available at http://oskuro.net/~jordi/
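
The capability check discussed in this message, as an added example that is not part of the original post and is not fetchmail or mailutils code: a Python audit of a fetchmail -v IMAP transcript that reports when the server does not advertise STARTTLS (RFC 2595) and when LOGIN goes out before TLS is active. The log line format is assumed to match the transcript above; audit_session and SAMPLE_LOG are names made up for this example.

```python
import re

# Constructed sample: the fetchmail -v transcript quoted in the message above.
SAMPLE_LOG = """\
fetchmail: IMAP< * OK IMAP4rev1
fetchmail: IMAP> A0001 CAPABILITY
fetchmail: IMAP< * CAPABILITY IMAP4rev1 NAMESPACE X-VERSION AUTH=GSSAPI
fetchmail: IMAP< A0001 OK CAPABILITY Completed
fetchmail: IMAP> A0002 LOGIN "jordi" "*"
fetchmail: IMAP< A0002 OK LOGIN Completed
"""

# Assumed line format: "fetchmail: IMAP<dir> <tag> <rest>", "<" from server, ">" from client.
LINE = re.compile(r"^fetchmail: IMAP([<>]) (\S+) (.*)$")


def audit_session(log):
    """Return a list of findings for one IMAP session transcript."""
    caps, findings = set(), []
    starttls_tag, tls_active = None, False
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped or unrelated log line
        direction, tag, rest = m.groups()
        words = rest.split()
        verb = words[0].upper() if words else ""
        if direction == "<" and tag == "*" and verb == "CAPABILITY":
            # Replace the cached list; capabilities seen before TLS are not trusted after it.
            caps = {w.upper() for w in words[1:]}
            if not tls_active and "STARTTLS" not in caps:
                findings.append("server does not advertise STARTTLS")
        elif direction == ">" and verb == "STARTTLS":
            starttls_tag = tag
        elif direction == "<" and tag == starttls_tag and verb == "OK":
            tls_active = True  # TLS negotiation follows the tagged OK
        elif direction == ">" and verb == "LOGIN" and not tls_active:
            findings.append("LOGIN sent in cleartext")
            if "LOGINDISABLED" in caps:
                findings.append("client ignored LOGINDISABLED")
    return findings


if __name__ == "__main__":
    for finding in audit_session(SAMPLE_LOG):
        print(finding)
```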