On Fri, 23 Apr 2004 19:07:13 -0400, Amelia A Lewis wrote: [...]
Dovecot cannot, currently, be configured to permit plaintext on localhost while requiring Something Better from the rest of the world. This becomes a problem with SquirrelMail, which can't cope with TLS. It just barfs. Looking at bug reports in Debian, this has already been noticed, and the maintainer there (and the maintainers of SquirrelMail) considers this a non-problem, 'cause, they say, you shouldn't be using TLS with webmail.
Is there a way to set up, for instance, two instances of dovecot, running on different ports, so that one listens to the external interface and the other listens to localhost? I don't much like the idea, but how would I go about doing this? Two copies of dovecot.conf and a command-line switch?
SquirrelMail works perfectly fine with Dovecot and TLS. I use it in production for the company I work in.
However, it is true that I had to debug a very big issue with PHP and the way it is compiled. I'm using NetBSD and pkgsrc, but I guess it might be the same with the Debian packages.
If PHP does not have OpenSSL compiled in, it will not be able to initiate TLS connections. The openssl PHP module only contains crypto functions, and won't bring in support for TLS. You have to compile it into the PHP binary and/or the Apache PHP module.
Thus I committed (no later than a few days ago) a change to our PHP packages to allow support for OpenSSL compiled in, and that works.
What makes the issue really bad is the way PHP handles this: creating the socket won't fail. If OpenSSL support is not compiled in, the TLS option SquirrelMail passes along while creating the socket is ignored. Thus SquirrelMail gets a "normal" socket, and you can see it in Ethereal and the like: SquirrelMail sends in clear text 'AUTH ...' while Dovecot of course expects some TLS data, and then it gets stuck for a while.
Hope that helps. And you can even use pkgsrc on your Linux distribution to get the full suite, it's already Dovecot/SquirrelMail/TLS-ready :) [http://www.pkgsrc.org]
-- Quentin Garnier - cube@cubidou.net - cube@NetBSD.org "Feels like I'm fiddling while Rome is burning down. Should I lay my fiddle down and take a rifle from the ground ?" Leigh Nash/Sixpence None The Richer, Paralyzed, Divine Discontents, 2002.
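The wire symptom described in the message above (a cleartext command arriving where the server expects TLS data) can be recognised from a connection's first bytes. The following Python check is an added example, not code from the original message or from Dovecot, SquirrelMail or PHP; the function names and sample bytes are constructed for illustration.

```python
import struct

TLS_HANDSHAKE = 0x16           # TLS record content type: handshake
CLIENT_HELLO = 0x01            # handshake message type: ClientHello
MAX_RECORD_LEN = 2**14 + 2048  # record length ceiling from RFC 5246


def classify_first_bytes(data: bytes) -> str:
    """Return 'tls', 'plaintext', 'unknown' or 'incomplete'."""
    if len(data) < 6:
        return "incomplete"  # need the 5-byte record header plus one byte
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if (ctype == TLS_HANDSHAKE and major == 3 and minor <= 4
            and 0 < length <= MAX_RECORD_LEN and data[5] == CLIENT_HELLO):
        return "tls"
    # A client whose TLS option was silently dropped sends a printable line.
    first_line = data.split(b"\r\n", 1)[0]
    if first_line and all(0x20 <= b < 0x7F for b in first_line):
        return "plaintext"
    return "unknown"


def safe_log_detail(data: bytes) -> str:
    """Describe the finding without copying credentials into the log."""
    verdict = classify_first_bytes(data)
    if verdict != "plaintext":
        return verdict
    words = data.split(b"\r\n", 1)[0].split()
    # Keep only the IMAP tag and command verb; arguments may hold a password.
    return "plaintext: " + b" ".join(words[:2]).decode("ascii") + " [arguments redacted]"


# Constructed samples, not captures from the thread.
SAMPLE_TLS = bytes.fromhex("160301002f0100002b0303") + bytes(37)
SAMPLE_CLEAR = b"A001 LOGIN alice constructed-password\r\n"

if __name__ == "__main__":
    for name, sample in (("tls client", SAMPLE_TLS), ("broken client", SAMPLE_CLEAR)):
        print(name, "->", safe_log_detail(sample))
```

A "plaintext" verdict on a TLS-only port means the credentials in that connection have already crossed the network unencrypted and should be treated as exposed.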