[imp] IMAP and Security issues

Rich Lafferty rich@horde.org
Fri, 9 Feb 2001 12:12:24 -0500 

On Fri, Feb 09, 2001 at 11:38:20AM -0500, Donnie Barnes (djb@donniebarnes.com) wrote:
> 
> First, can IMP speak imap-ssl?  I'm not sure it should need to...

<URL:http://www.horde.org/faq/admin/prereq/index.php#p9>

> I'm in the unfortunate situation that I can't necessarily trust the
> integrity of the network that my server sits on and thus do care
> about sniffing.  That's the attraction to the imap-ssl option.  I
> assume, however, that I could probably keep a non-ssl IMAP server
> for localhost use and have a public imap-ssl server, correct?  I'm
> just worried that would cause consistency problems.  *sigh*

Controlling who can connect to what port is relatively straightforward
on most Unixes; I imagine that some SSL-enabled IMAP servers allow
listening to specific interfaces rather than INADDR_ANY.
 
> Has anyone compared IMP to Intrastore's stuff?
> http://intrastore.cdc.com/www/ I played with the demo on their site.
> It's not as pretty, but it does have more features (at least more
> than the 2.2 IMP stuff).  It *appears* to have its own imap-ssl
> server, too.

I'm not sure that I understand what benefits having its own IMAP
server provides.

  -Rich

-- 
------------------------------ Rich Lafferty ---------------------------
 Sysadmin/Programmer, Instructional and Information Technology Services
   Concordia University, Montreal, QC                 (514) 848-7625
------------------------- rich@alcor.concordia.ca ----------------------


>From chuck@horde.org Date: Fri,  9 Feb 2001 12:11:18 -0500
Return-Path: <chuck@horde.org>
Mailing-List: contact imp-help@lists.horde.org; run by ezmlm
Delivered-To: mailing list imp@lists.horde.org
Received: (qmail 37428 invoked from network); 9 Feb 2001 17:12:13 -0000
Received: from r94aag005136.sbo-smr.ma.cable.rcn.com (HELO marina.horde.org) (209.6.192.126)
  by horde.org with SMTP; 9 Feb 2001 17:12:13 -0000
Received: by marina.horde.org (Postfix, from userid 33)
	id 9674939F4; Fri,  9 Feb 2001 12:11:18 -0500 (EST)
Received: from 206.243.191.252 ( [206.243.191.252])
	as user chuck@marina by marina.horde.org with HTTP;
	Fri,  9 Feb 2001 12:11:18 -0500
Message-ID: <981738678.3a8424b652353@marina.horde.org>
Date: Fri,  9 Feb 2001 12:11:18 -0500
From: Chuck Hagenbuch <chuck@horde.org>
To: imp@lists.horde.org
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 8bit
User-Agent: Internet Messaging Program (IMP) 2.3.7-cvs
Subject: Re: [imp] IMAP and Security issues

Quoting Donnie Barnes <djb@donniebarnes.com>:

> First, can IMP speak imap-ssl?  I'm not sure it should need to...

IMP doesn't really need to know about it, but if you compile c-client with ssl 
support, then yes, you can configure IMP to use an ssl imap server just fine. 
There's a minor patch needed to use this in IMP that is in 2.3; I can walk 
someone through what to change for 2.2 if anyone really needs it.

> Has anyone compared IMP to Intrastore's stuff? 
> http://intrastore.cdc.com/www/
> I played with the demo on their site.  It's not as pretty, but it does have
> more features (at least more than the 2.2 IMP stuff).

I took a quick look, but I'd be interested in your list of what they have that 
IMP doesn't; I think 2.3 compares pretty well.

-chuck

--
Charles Hagenbuch, <chuck@horde.org>
"My intuitive grasp of math often leads me astray." -Me