From owner-freebsd-questions@FreeBSD.ORG  Sun Mar 26 21:37:49 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: questions@freebsd.org
Delivered-To: freebsd-questions@FreeBSD.ORG
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1BD8516A400
	for <questions@freebsd.org>; Sun, 26 Mar 2006 21:37:49 +0000 (UTC)
	(envelope-from norgaard@locolomo.org)
Received: from strange.daemonsecurity.com
	(59.Red-81-33-11.staticIP.rima-tde.net [81.33.11.59])
	by mx1.FreeBSD.org (Postfix) with ESMTP id A040843D45
	for <questions@freebsd.org>; Sun, 26 Mar 2006 21:37:48 +0000 (GMT)
	(envelope-from norgaard@locolomo.org)
Received: from [172.16.2.1] (unknown [172.16.2.1])
	by strange.daemonsecurity.com (Postfix) with ESMTP id 7A7CD2E041
	for <questions@freebsd.org>; Sun, 26 Mar 2006 23:37:55 +0200 (CEST)
Message-ID: <442709A7.4070906@locolomo.org>
Date: Sun, 26 Mar 2006 23:37:43 +0200
From: =?UTF-8?B?RXJpayBOw7hyZ2FhcmQ=?= <norgaard@locolomo.org>
Organization: Locolomo.ORG
User-Agent: Thunderbird 1.5 (X11/20060312)
MIME-Version: 1.0
To: FreeBSD Questions <questions@freebsd.org>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Cc: 
Subject: Cyrus-IMAP disallowing clear text connections
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 26 Mar 2006 21:37:49 -0000

Hi:

I have a Postfix/Cyrus-IMAP setup, Postfix requires TLS and user 
authentication to relay mail, and cyrus requires TLS and user 
authentication to retrieve mail. Or so I thought:

I just tested to see that things were in fact encrypted and unencrypted 
connection was refused, works fine for Postfix but Cyrus-IMAP accepts 
unencrypted connections _and_ authentication even though I have set the 
following in imapd.conf

   allowplaintext: yes
   allowplainwithouttls: no

How do I force the use of TLS for Cyrus-IMAP?

Also: Postfix allows hiding authentication mechanisms unless TLS is 
invoked (so in clear text, capabilities just show STARTTLS), while 
Cyrus-IMAP announces everything. Is there anyway to be more strict with 
the cyrus in respect of what it announces?

Thanks, Erik

-- 
Ph: +34.666334818                                  web: www.locolomo.org
S/MIME Certificate: www.daemonsecurity.com/ca/8D03551FFCE04F06.crt
Subject ID:  9E:AA:18:E6:94:7A:91:44:0A:E4:DD:87:73:7F:4E:82:E7:08:9C:72
Fingerprint: 5B:D5:1E:3E:47:E7:EC:1C:4C:C8:3A:19:CC:AE:14:F5:DF:18:0F:B9