[Dovecot] imaps tls/ssl and stupid clients
Timo Sirainen
tss at iki.fi
Sat May 28 15:59:23 EEST 2005
On Thu, 2005-05-26 at 20:05 +0100, Michael Moritz wrote:
> We have been using dovecot now as replacement for qpopper for over 2 weeks and
> it's working nicely. I have now tried to enable ssl/tls for myself and other
> inhouse users which also works fine. But the problem is that I use an
> uncertified certificate. Which is not a problem for kmail, as it just pops up
> a box asking whether I want to accept the certificate or not. But apparently,
> some stupid email programs used by other people just hang up on an
> uncertified certificate.
By uncertified do you mean a self-signed certificate, or have you
created your own CA and used it to sign the certificate? By using your
own CA it could work better..
> I have figured out that
> ssl_disable = yes
> is the critical setting. If it's set everything works, if not, then all
> services allow tls/ssl and the stupid clients choke on it. Since others just
> use pop3 I wonder whether there is a way I can disable tls support for pop3
> but enable it for imap or even only for imaps?
> Any ideas or am I starting from the wrong side?
No way to disable it for just POP3 without changing the sources
(pop3-login/client-authenticate.c cmd_capa() remove STLS line and line
before that). I'm doing some configuration code rewrites right now,
after those are finished it should be possible.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20050528/47a1884c/attachment-0001.pgp
More information about the dovecot
mailing list