[imp] IMP : SMTP + SASL over TLS

julien.thomas at enst-bretagne.fr julien.thomas at enst-bretagne.fr
Thu Aug 16 15:20:09 UTC 2007


I think that an auto answer is sometimes welcomed ...

So, for my question "is it possible to use TLS", I think that the answer
is NO. I found hint such as tls:// and others, but it does not work  
(at least with Horde).

So, the solution I use (and which may be used by others)

For internal services (ie on the local services LAN), I put no restriction as
each services is administrated and thus configured to either used TLS or SSL.
And at the router, I put a deny on the 25 port (which means an allow  
on 465, smtp with ssl, ...).

However, it can also be configured at the smtp server level, and not  
at the router.

This work for me as I'm only tested messages checks & local sending  
but not with the outside. So maybe other solutions would be better ....

One other thing would be to state "each user will use the TLS or SSL,  
if we told them", but this require confidence in the users ...

-- Julien Thomas

julien.thomas at enst-bretagne.fr a écrit :

> Hi dear Horde users,
>
> I have a question about TLS + SASL + SMTP with Horde.
> I know that this subject as already been asked before, see for example
>
> [imp] IMP + SMTP auth over ssl/tls
> http://lists.horde.org/archives/imp/Week-of-Mon-20060417/044990.html
>
> [horde] SMTP auth with TLS?
> http://lists.horde.org/archives/horde/Week-of-Mon-20061002/032041.html
>
> However, both threads present the problem but no solution are provided.
>
> So, here is the question : is it possible to use TLS (enforce = yes,
> use_auth_only=yes) + SASL with postfix.
>
> In horde/conf.php, I have
>   $conf['mailer']['params']['auth'] = true
> This solve the problem of SASL, if TLS (! enforced & aut_only)
>
> However, with TLS in enforced mode, the problem is that postfix EHLO
> command do not show AUTH LOGIN option until the TLS connexion is
> started (STARTTLS). Thus, when sending mail, IMP failed, telling that
> AUTH LOGIN is not supported, though the tls session must be started
> before.
>
> Is there any kind of option  $conf['mailer']['params']['tls'] = true ?
>   or others as I did not found anything about this.
>
> Thanks
>
> -- Julien
>
> --
> IMP mailing list - Join the hunt: http://horde.org/bounties/#imp
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: imp-unsubscribe at lists.horde.org
>





More information about the imp mailing list