On Sat, 24 Apr 2004 10:48:44 -0400 Amelia A Lewis wrote:
I should follow up, having complained in public ...
My reply didn't make it to the list because I was using the wrong From address.
On Sat, 24 Apr 2004 06:56:42 +0200 Quentin Garnier cube@cubidou.net wrote:
On Fri, 23 Apr 2004 19:07:13 -0400 Amelia A Lewis wrote: [...]
Dovecot cannot, currently, be configured to permit plaintext on localhost while requiring Something Better from the rest of the world.
This becomes a problem with SquirrelMail, which can't cope with TLS.
It just barfs. Looking at bug reports in Debian, this has already
SquirrelMail works perfectly fine with Dovecot and TLS. I use it in production for the company I work in.
However, it is true that I had to debug a very big issue with PHP and the way it is compiled. I'm using NetBSD and pkgsrc, but I guess it might be the same with the Debian packages.
[snip]
It's interesting that there are different issues.
My Debian installation had a bug in functions/imap_general.php that discarded the server name if TLS was used (the server name became "tls://", only, instead of prepending that to the server name). Once I fixed that (now reported to the Debian maintainer, so should show fixed soon there), I still had problems, because I assumed that SquirrelMail could do STARTTLS. It doesn't, apparently (I could be wrong again, though).
Yes, it doesn't. SquirrelMail doesn't really care about TLS, it merely passes a parameter to the PHP socket API telling it wants TLS for that connection. Turning on TLS in the middle of a TCP connection requires more integration between the application layer and OpenSSL.
So, all serene. *laugh* On the other hand, I *would* still like to be able to run without TLS on localhost (a localhost exception to disable_plaintext_auth), because it's fairly pointless to require the processor to do all the extra work of encryption and decryption in that situation. Feature request, please, Timo?
Yeah, some generalized ACLs would be good.
-- Quentin Garnier - cube@NetBSD.org The NetBSD Project - http://www.NetBSD.org/
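
The localhost exception to disable_plaintext_auth requested in this thread, sketched as an added example (not Dovecot's code and not part of the original messages). The function names and the `localhost_exception` switch are hypothetical; only `disable_plaintext_auth` comes from the thread, and the connection list is constructed sample data.

```python
import ipaddress


def is_loopback(remote_ip: str) -> bool:
    """True for 127.0.0.0/8, ::1 and IPv4-mapped loopback (::ffff:127.x.y.z)."""
    try:
        addr = ipaddress.ip_address(remote_ip)
    except ValueError:
        return False  # unparseable peer address: never treat it as local
    # A dual-stack listener reports IPv4 peers as ::ffff:a.b.c.d; unwrap them
    # so the decision is the same whichever socket family accepted the client.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr.is_loopback


def plaintext_auth_allowed(remote_ip: str, tls_active: bool,
                           disable_plaintext_auth: bool = True,
                           localhost_exception: bool = True) -> bool:
    """Decide whether a plaintext login may be accepted on this connection.

    remote_ip must be the peer address taken from the accepted socket,
    not a value the client supplies in the protocol.
    """
    if tls_active:
        return True   # credentials are already protected in transit
    if not disable_plaintext_auth:
        return True   # administrator permits plaintext from anywhere
    return localhost_exception and is_loopback(remote_ip)


# Constructed sample connections: (peer address, TLS active?)
SAMPLE_CONNECTIONS = [
    ("127.0.0.1", False),         # webmail on the same host, no TLS
    ("::1", False),               # same, over IPv6
    ("::ffff:127.0.0.1", False),  # IPv4 loopback seen on a dual-stack socket
    ("192.0.2.10", False),        # remote client, no TLS
    ("192.0.2.10", True),         # remote client over TLS
]


def decide_all(connections=SAMPLE_CONNECTIONS):
    """Return (peer, tls, allowed) for every sample connection."""
    return [(ip, tls, plaintext_auth_allowed(ip, tls)) for ip, tls in connections]


if __name__ == "__main__":
    for ip, tls, allowed in decide_all():
        print(f"{ip:<18} tls={tls!s:<5} plaintext login allowed={allowed}")
```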