I just configured my IMAP server to use TLS. I did 'not' disable plain text login but if the client is configured to check for TLS, it's available and the connection is made encrypted rather than plain text. My question is how can I force all IMAP connections to my server to use TLS rather than plain text from RoundCube? _______________________________________________ List info: http://lists.roundcube.net/users/
First you have to inform the imap server you are using.
If it's dovecot, you can use the following:
disable_plaintext_auth = yes
and it will only allow plaintext auth coming from localhost, which is good idea if your webmail is hosted in the same machine.
This way roundcube authenticates (localhost to localhost) without encryption and all other hosts must use TLS otherwise are rejected.
2009/7/13 Carlos Williams carloswill@gmail.com
I just configured my IMAP server to use TLS. I did 'not' disable plain text login but if the client is configured to check for TLS, it's available and the connection is made encrypted rather than plain text. My question is how can I force all IMAP connections to my server to use TLS rather than plain text from RoundCube? _______________________________________________ List info: http://lists.roundcube.net/users/
can
List info: http://lists.roundcube.net/users/
On Mon, Jul 13, 2009 at 10:28 AM, Eden Caldasedencaldas@gmail.com wrote:
First you have to inform the imap server you are using.
If it's dovecot, you can use the following:
disable_plaintext_auth = yes
I have "disable plaintext_auth = no"
I don't want to disable plain text but I do have TLS as an option if you wish to set up your client to use it. My question is how do I force RC as the client to use TLS when users are connecting to Dovecot? If I set 'plaintext_auth = no", then users who have no TLS configuration in Outlook or Thunderbird fail to retrieve their email. I don't want to do that. Just have the option of using it if it's available (which it is).
and it will only allow plaintext auth coming from localhost, which is good idea if your webmail is hosted in the same machine.
My RC / Webmail server is not the same (localhost) as my IMAP (Dovecot) server.
This way roundcube authenticates (localhost to localhost) without encryption and all other hosts must use TLS otherwise are rejected.
List info: http://lists.roundcube.net/users/
Edit your main.inc.php file in roundcube config dir and change these two lines:
$rcmail_config['default_host'] = 'ssl://hostname_or_ip_address:993'; $rcmail_config['default_port'] = 993;
You can also set this for SMTP auth $rcmail_config['smtp_server'] = 'ssl://hostname_or_ip_address';
Don't mind the SSL instead of TLS
Hope this is what you need.
Eden
2009/7/13 Carlos Williams carloswill@gmail.com
On Mon, Jul 13, 2009 at 10:28 AM, Eden Caldasedencaldas@gmail.com wrote:
First you have to inform the imap server you are using.
If it's dovecot, you can use the following:
disable_plaintext_auth = yes
I have "disable plaintext_auth = no"
I don't want to disable plain text but I do have TLS as an option if you wish to set up your client to use it. My question is how do I force RC as the client to use TLS when users are connecting to Dovecot? If I set 'plaintext_auth = no", then users who have no TLS configuration in Outlook or Thunderbird fail to retrieve their email. I don't want to do that. Just have the option of using it if it's available (which it is).
and it will only allow plaintext auth coming from localhost, which is
good
idea if your webmail is hosted in the same machine.
My RC / Webmail server is not the same (localhost) as my IMAP (Dovecot) server.
This way roundcube authenticates (localhost to localhost) without
encryption
and all other hosts must use TLS otherwise are rejected.
List info: http://lists.roundcube.net/users/
List info: http://lists.roundcube.net/users/
On Mon, Jul 13, 2009 at 11:02 AM, Eden Caldasedencaldas@gmail.com wrote:
Edit your main.inc.php file in roundcube config dir and change these two lines:
$rcmail_config['default_host'] = 'ssl://hostname_or_ip_address:993'; $rcmail_config['default_port'] = 993;
Huh - I though TLS was different from SSL. Does TLS run on port 993? I though TLS could run on port 143 or perhaps I am confused. I am not sure because I changed the settings recommended above and was unable to login any longer via RC. _______________________________________________ List info: http://lists.roundcube.net/users/
Carlos Williams wrote:
On Mon, Jul 13, 2009 at 11:02 AM, Eden Caldasedencaldas@gmail.com wrote:
Edit your main.inc.php file in roundcube config dir and change these two lines:
$rcmail_config['default_host'] = 'ssl://hostname_or_ip_address:993'; $rcmail_config['default_port'] = 993;
Huh - I though TLS was different from SSL. Does TLS run on port 993? I though TLS could run on port 143 or perhaps I am confused. I am not sure because I changed the settings recommended above and was unable to login any longer via RC.
They are different. In Roundcube, the "ssl://" prefix means "connect using SSL immediately," which only works when the server is expecting an SSL connection; for example, the Dovecot "imaps" service on port 993.
If I was paying attention in the Dovecot thread, I think you've got regular IMAP on port 143, with optional TLS via STARTTLS. Roundcube only began supporting STARTTLS with the latest version, 0.2.2. I gather from the docs that you would simply change the "ssl://" to "tls://" to get it working. _______________________________________________ List info: http://lists.roundcube.net/users/
On Mon, Jul 13, 2009 at 1:01 PM, Michael Orlitzkymichael@orlitzky.com wrote:
They are different. In Roundcube, the "ssl://" prefix means "connect using SSL immediately," which only works when the server is expecting an SSL connection; for example, the Dovecot "imaps" service on port 993.
Yes - this is what I learned from the Dovecot thread you noted. Good stuff!
If I was paying attention in the Dovecot thread, I think you've got regular IMAP on port 143, with optional TLS via STARTTLS.
Thats correct.
Roundcube only began supporting STARTTLS with the latest version, 0.2.2. I gather from the docs that you would simply change the "ssl://" to "tls://" to get it working.
Oh, I will try that and see what happens. Hopefully my version supports it...
Thanks again! _______________________________________________ List info: http://lists.roundcube.net/users/
I tried changing my following settings in RC config file and I was then unable to even login.
$rcmail_config['default_host'] = 'tls://mail.iamghost.com'; $rcmail_config['default_port'] = 143; $rcmail_config['imap_auth_type'] = check; $rcmail_config['smtp_server'] = 'tls://mail.iamghost.com'; $rcmail_config['smtp_port'] = 25; $rcmail_config['smtp_user'] = '%u'; $rcmail_config['smtp_pass'] = '%p'; $rcmail_config['smtp_auth_type'] = '';
I changed "mail.iamghost.com" to what you see above and was then unable to login. I don't know what I am doing wrong. I need this webmail application to support TLS & SASL authentication...
Anyone have any ideas?
-- Carlos _______________________________________________ List info: http://lists.roundcube.net/users/
-
Carlos Williams -
Eden Caldas -
Michael Orlitzky