W
whitecurve
Guest
I've been experimenting with trying to forcing users to use TLS when they access their mail via IMAP:143 but have come across some very strange behaviour.
I discovered that to force TLS I just have to change the variable IMAP_TLS_REQUIRED to 1.
This variable lives in /usr/lib/courier-imap/etc/imapd-ssl or /etc/courier-imap/imapd-ssl on a 7.5.4 box.
In theory with this variable set courier should only allow users to login when they use TLS.
Unfortunately after making IMAP_TLS_REQUIRED=1 all my mailclients hang. So then I checked the logs and discovered that the daemon is logging in ok but its trying to read "maildir=/root" rather then "maildir=/var/qmail/mailnames/DOMAINNAME/USERNAME/Maildir".
Even stranger is that if i set IMAP_TLS_REQUIRED=0 and force the client to use TLS courier works fine and reads the correct maildir.
In the end i have just left things like that and told my clients that for the best security they SHOULD use TLS but it seems I cant enforce this.
Can anyone from plesk shed some light on this?
I discovered that to force TLS I just have to change the variable IMAP_TLS_REQUIRED to 1.
This variable lives in /usr/lib/courier-imap/etc/imapd-ssl or /etc/courier-imap/imapd-ssl on a 7.5.4 box.
In theory with this variable set courier should only allow users to login when they use TLS.
Unfortunately after making IMAP_TLS_REQUIRED=1 all my mailclients hang. So then I checked the logs and discovered that the daemon is logging in ok but its trying to read "maildir=/root" rather then "maildir=/var/qmail/mailnames/DOMAINNAME/USERNAME/Maildir".
Even stranger is that if i set IMAP_TLS_REQUIRED=0 and force the client to use TLS courier works fine and reads the correct maildir.
In the end i have just left things like that and told my clients that for the best security they SHOULD use TLS but it seems I cant enforce this.
Can anyone from plesk shed some light on this?