[horde] Question about IMAP/TLS

[mtecles at biof.ufrj.br]

On 17 Mar 2010 at 6:27, Nybbles2Byte wrote:

> Hello,
> 
> My server now requires an encrypted imap connection.  It works fine with several email clients but not with horde.
> 
> I changed the config line from:
> 	$conf['auth']['params']['dsn'] = '{localhost:143/imap/notls}'; (working before the encryption requirement)
> to:
> 	$conf['auth']['params']['dsn'] = '{localhost:993/imap/tls}';
>   
> which matches my email client settings but I still can't log in. 
> 
> According to my email client the server uses (which is cyrus-imap):
> 	MD-5 CRAM-HMAC Challenge/Response (RFC-2095)
> 
> Does anyone have any ideas about what you need to do to make this work?
> 
> Many thanks!
> 
> -- 
> Nybbles2Byte                          mailto:nybbles2byte at gmail.com
> -- 
> Horde mailing list - Join the hunt: http://horde.org/bounties/#horde
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: horde-unsubscribe at lists.horde.org

My suggestion is not use secure IMAP connection from localhost, it 
does not go through the network. Its like encrypted thinking to 
yourself. Use your original IMP configuration 
(localhost:143/imap/notls), force Horde and your Web server to use 
HTTPS, configure your Cyrus-imap to imap and imaps, and use a 
firewall that permits 143 connection from localhost, but only 993 
connections from any other IP (of course, the firewall should permit 
access to other services that your server provides, like https). 

This way your Horde sessions will be encrypted (passwords and all 
information) an still permit secure IMAP connections from other mail 
client.

Mauricio

Mauricio
--------------------------------------------------------
Mauricio J. T. Tecles
Instituto de Biofisica Carlos Chagas Filho - UFRJ
Edificio do Centro de Ciencias da Saude, Bloco G
Av. Carlos Chagas Filho, 373
Cidade Universitaria, Ilha do Fundao
Rio de Janeiro, RJ
Brasil
21941-902
Telefone: 55 21 2562-6544
FAX: 55 21 2280-8193
mtecles at biof.ufrj.br