[Dovecot] Disable TLS on port 143?
John Peacock
jpeacock at rowman.com
Tue Jan 9 20:07:21 UTC 2007
Timo Sirainen wrote:
> It'd have to remove "STARTTLS" from CAPABILITY response. No idea if it's
> actually capable of doing that.
>
No, ipchains isn't smart enough (I wasn't paying attention, DUH). It
could only be done with a transparent proxy.
But just stripping the STARTTLS from the CAPABILITY like this:
> --- ./src/imap-login/client.c.orig 2007-01-09 15:03:49.298055528 -0500
> +++ ./src/imap-login/client.c 2007-01-09 15:04:06.883739152 -0500
> @@ -100,7 +100,7 @@
> auths = client_authenticate_get_capabilities(client->common.secured);
> return t_strconcat(capability_string,
> (ssl_initialized && !client->common.tls) ?
> - " STARTTLS" : "",
> + "" : "",
> disable_plaintext_auth && !client->common.secured ?
> " LOGINDISABLED" : "", auths, NULL);
> }
(watch wrapping) should be sufficient.
Of course, if the real issue is that the users are frightened by the
unsigned certificate message, he could pony up the $100 for a cert
signed by a trusted authority and the clients won't even bleat...
John
--
John Peacock
Director of Information Research and Technology
Rowman & Littlefield Publishing Group
4501 Forbes Boulevard
Suite H
Lanham, MD 20706
301-459-3366 x.5010
fax 301-429-5748
More information about the dovecot
mailing list