[TCLUG] STARTTLS vs IMAP SSL

Thu Mar 25 20:00:14 CST 2004

On Thu, 25 Mar 2004 16:35:40 -0600
"Bruce Broecker" <bruce.broecker at toro.com> wrote:

> Sounds like a good basic summary. The key difference is that IMAPS
> is encrypted from the outset. IMAP with StartTLS allows you to
> connect first, then initiate encryption.
> 
> >From a Courier perspective, with IMAPS, you are forcing anyone who
> >connects to use encryption.
> If you use starttls, then you have the option to force encryption or
> simply allow it at the users discretion. Its a configuration option
> in the imap configuration file in your courier/etc directory
> (wherever that may be). I'm doing this from memory, since my courier
> server is at home.

Wow, thanks for the helpful replies.  I see how to force TLS with Courier, but I think I'm too entrenched with naive users now to do this, unless clients automatically use it if forced?  Who am I kidding, there are no clients (plural) they all use Outhouse.  They all POP too, no one seems to know that IMAP even exists.  Server side filters are so nice for Baysian spam learning.

The MTA is qmail, I've found this to be what looks like the most maintained patch for STARTTLS SMTP: http://inoa.net/qmail-tls/ 

I've also thought about doing SMTP over stunnel, I guess you can also implement STARTTLS with a patch to stunnel as well.  Anyone have any suggestions for STARTTLS and qmail?  Use postfix/exim is an execptable though not useful answer.  :)

One last question while I have everyone's attention.  I now have my mail toaster running the following:

SMTP (duh)
IMAP (courier)
POP  (qmail-pop3d)
POPS (qmail-pop3sd with mailfront)
IMAPS (courier)
IMAP STARTTLS (courier)
SMTP AUTH (qmail-smtpd with mailfront)
Selective Relaying (POP before SMTP) with mailfront/relay-ctrl 
SMTP level anti-virus rejection with mailfront
Full spam and anti-virus level rejection with qmail-scanner / clamav / spamassassin

The only thing I think I am missing is APOP and SPF support.  Do people use these?  SPF seems to be a hot topic, at least on the qmail list.  Any thoughts?  I'm currently in the works on a huge html document to describe step-by-step how to setup the above with qmail.  I'll share with the list when I'm done.

Lastly, am I correct in assuming that ESMTP is the same as SMTP AUTH?

Josh

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list