From owner-freebsd-security  Thu May  2  4:30:21 2002
Delivered-To: freebsd-security@freebsd.org
Received: from exodus.ait.co.za (exodus.ait.co.za [66.8.26.2])
	by hub.freebsd.org (Postfix) with SMTP id C941737B41B
	for <freebsd-security@FreeBSD.ORG>; Thu,  2 May 2002 04:30:12 -0700 (PDT)
Received: from aragon [66.8.86.210] by exodus.ait.co.za
  (SMTPD32-4.06) id A1A06B200C2; Thu, 02 May 2002 13:29:20 0200
Message-ID: <002d01c1f1cc$e93bd740$01000001@aragon>
From: "Aragon Gouveia" <aragon@phat.za.net>
To: "Mario Pranjic" <mario.pranjic@irb.hr>,
	<freebsd-security@FreeBSD.ORG>
References: <Pine.GSO.4.32.0205021249220.566-100000@nippur.irb.hr>
Subject: Re: sslwrap and imap
Date: Thu, 2 May 2002 13:31:31 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Howdy,

> > A possibly much better solution is to just use courier-imap in
> > /usr/ports/mail.  Courier-imap is a more robust, more secure, more
> > featureful imap daemon, and it speaks ssl natively - no need to use
> > sslwrap.  The only barrier to using courier-imap is that the mailspools
> > must be maildirs instead of traditional mbox's.
>
> Yes, the maildir concept doesn't suit me. So I gave up from Courier-imap.
> Too bad, because I think it's a great imapd.

I'm assuming you're using uw-imap. If so, I can highly recommend compiling
your cclient with SSL support (and possibly any other mods like home
Mailboxes?) before installing uw-imap. Like this, it gets called from inetd
as follows:

imaps   stream  tcp     nowait  root    /usr/local/libexec/imapd
imapd

And you have a nice neat uw-imaps daemon :). Calling it using just "imap" as
the service name will still allow you a clear text imapd.

Haven't tried sslwrap, but I used to do the same thing with stunnel and a
non SSL'd uw-imap and found it problematic at times. This works flawlessly!


Regards,
Aragon



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message