[Dovecot] problems with squirrelmail and TLS (debian unstable)
cube at NetBSD.org
Sat Apr 24 18:24:50 EEST 2004
On Sat, 24 Apr 2004 10:48:44 -0400
Amelia A Lewis wrote:
> I should follow up, having complained in public ...
My reply didn't make it to the list because I was using the wrong From
> On Sat, 24 Apr 2004 06:56:42 +0200
> Quentin Garnier <cube at cubidou.net> wrote:
> > On Fri, 23 Apr 2004 19:07:13 -0400
> > Amelia A Lewis wrote:
> > [...]
> > > Dovecot cannot, currently, be configured to permit plaintext on
> > > localhost while requiring Something Better from the rest of the
> > > world.
> > >
> > > This becomes a problem with SquirrelMail, which can't cope with TLS.
> > >
> > > It just barfs. Looking at bug reports in debian, this has already
> > SquirrelMail works perfectly fine with Dovecot and TLS. I use it in
> > production for the company I work in.
> > However, it is true that I had to debug a very big issue with PHP and
> > the way it is compiled. I'm using NetBSD and pkgsrc, but I guess it
> > might be the same with the Debian packages.
> It's interesting that there are different issues.
> My debian installation had a bug in functions/imap_general.php that
> discarded the server name if tls was used (the server name became
> "tls://", only, instead of prepending that to the server name). Once I
> fixed that (now reported to debian maintainer, so should show fixed soon
> there), I still had problems, because I assumed that squirrelmail could
> do STARTTLS. It doesn't, apparently (I could be wrong again, though).
Yes, it doesn't. SquirrelMail doesn't really care about TLS, it merely
passes a parameter to the PHP socket API telling it wants TLS for that
connection. Turning on TLS in the middle of a TCP connection requires
more integration between the application layer and OpenSSL.
> So, all serene. *laugh* On the other hand, I *would* still like to be
> able to run without TLS on localhost (a localhost exception to
> disable_plaintext_auth), because it's fairly pointless to require the
> processor to do all the extra work of encryption and decryption in that
> situation. Feature request, please, Timo?
Yeah, some generalized ACLs would be good.
Quentin Garnier - cube at NetBSD.org
The NetBSD Project - http://www.NetBSD.org/
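
Added illustration, not part of the original message and not SquirrelMail or Dovecot code: a Python model of the mid-connection STARTTLS upgrade discussed above, as opposed to wrapping the socket in TLS from the first byte. The server is a constructed stand-in with no network access; ScriptedServer, capabilities and login are hypothetical names, and the server is assumed to advertise LOGINDISABLED (RFC 3501) while the connection is unencrypted.

```python
# Added illustration: constructed IMAP exchange, no network access.
class ScriptedServer:
    """Stand-in for an IMAP server on port 143 (constructed responses)."""
    def __init__(self, offers_starttls):
        self.offers_starttls = offers_starttls
        self.tls = False
        self.seen = []          # (command, was_encrypted) pairs

    def command(self, line):
        self.seen.append((line, self.tls))
        tag, verb = line.split()[:2]
        if verb == "CAPABILITY":
            caps = ["IMAP4rev1"]
            if not self.tls:
                # Plaintext auth disabled: LOGIN is refused until TLS is up.
                caps.append("LOGINDISABLED")
                if self.offers_starttls:
                    caps.append("STARTTLS")
            return ["* CAPABILITY " + " ".join(caps), tag + " OK done"]
        if verb == "STARTTLS" and self.offers_starttls and not self.tls:
            self.tls = True     # a real client runs the TLS handshake here
            return [tag + " OK begin TLS negotiation"]
        if verb == "LOGIN" and self.tls:
            return [tag + " OK logged in"]
        return [tag + " NO not permitted"]


def capabilities(server, tag):
    """Send CAPABILITY and return the advertised capability set."""
    for line in server.command(tag + " CAPABILITY"):
        if line.startswith("* CAPABILITY "):
            return set(line.split()[2:])
    return set()


def login(server, user, password):
    """Upgrade with STARTTLS when offered; never send LOGIN in the clear."""
    caps = capabilities(server, "a1")
    if "STARTTLS" in caps:
        reply = server.command("a2 STARTTLS")
        if not reply[-1].startswith("a2 OK"):
            return "starttls-failed"
        # Capabilities seen before TLS are untrusted: ask again.
        caps = capabilities(server, "a3")
    if "LOGINDISABLED" in caps:
        return "refused-plaintext"
    reply = server.command("a4 LOGIN %s %s" % (user, password))
    return "ok" if reply[-1].startswith("a4 OK") else "login-failed"
```

A client that only supports implicit TLS skips the a1 to a3 steps entirely, which is why it cannot talk to a server that expects the upgrade on the plain port.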