
[bug-mailutils] Re: tls problems


From: Wojciech Polak
Subject: [bug-mailutils] Re: tls problems
Date: Sat, 18 Jan 2003 23:13:03 +0100

On Sat, 18 Jan 2003 22:38:01 +0100 Sergey Poznyakoff wrote:

>> Can you give me an example fetchmailrc?
> 
> Try this one:
> 
> poll HOSTNAME port 143 proto imap user USER with pass PASS
>  sslproto tls1
>  sslcert PATH_TO_CERT_FILE
>  sslkey PATH_TO_KEY_FILE
>  is LOCAL_USER here

Yes, although sslproto, sslcert, and sslkey are not required
for a client. You can also specify something like this:

 poll localhost protocol imap username YOUR-USERNAME
    pass YOUR-PASSWORD mda "/usr/bin/procmail -f %F -d YOUR-USERNAME"

>> Hmm. Maybe I got things very mixed up. I thought we had added ssl
>> support to mailutils, that is, it could now operate as an imap4s service.
>> 993 is the port number for imaps, that's why I was doing that.
> 
> Well, not quite so. The functionality added is known as 'TLS support'
> (RFC 2595). It operates on good old port 143.

Yeap :-).

I can only add that port numbers like 993 (imaps) or 995 (pop3s) are reserved
for services which by default listen on secure channels.
For instance: imap4d+stunnel or pop3d+stunnel. This means that there is no way
to connect to them en clair. When a server supports TLS/SSL (RFC 2595) by
itself, like gnu-pop3d does now (and gnu-imap4d), then it is okay to run them
on their common port numbers, i.e. 143 for imap and 110 for pop3. You can
connect to them en clair and you (a client) decide whether you want to use TLS
or not. This check is done by the CAPA command (pop3) or the CAPABILITY
command (imap4), and if it is possible, then a client encrypts the session
with the STLS command (pop3) or the STARTTLS command (imap).

Kind regards,
Wojciech Polak
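
The port and capability logic described in the message above, as an added Python example that is not part of the original thread or of mailutils. The function names, the `require_tls` switch and the sample server replies are constructed for illustration.

```python
# Added example: decides the client's next step from the port and the
# server's capability reply. Works on constructed reply strings, no network.

IMPLICIT_TLS_PORTS = {993, 995}   # imaps / pop3s: TLS from the first byte


def imap_capabilities(reply):
    """Collect atoms from untagged '* CAPABILITY ...' lines of an IMAP reply."""
    caps = set()
    for line in reply.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "*" and parts[1].upper() == "CAPABILITY":
            caps.update(p.upper() for p in parts[2:])
    return caps


def pop3_capabilities(reply):
    """Collect capability tags from a multi-line POP3 CAPA reply."""
    lines = reply.splitlines()
    if not lines or not lines[0].startswith("+OK"):
        return set()              # -ERR: the server does not implement CAPA
    caps = set()
    for line in lines[1:]:
        if line == ".":           # terminator of the multi-line reply
            break
        if line.split():
            caps.add(line.split()[0].upper())
    return caps


# Cleartext ports with an optional in-band upgrade (RFC 2595).
UPGRADE = {143: (imap_capabilities, "STARTTLS"), 110: (pop3_capabilities, "STLS")}


def plan_session(port, capability_reply="", require_tls=True):
    """Return 'tls-handshake', the upgrade command to send, or 'cleartext'."""
    if port in IMPLICIT_TLS_PORTS:
        return "tls-handshake"    # no cleartext phase exists on 993/995
    if port not in UPGRADE:
        raise ValueError("port %d is not covered by this example" % port)
    parse, command = UPGRADE[port]
    if command in parse(capability_reply):
        return command
    if require_tls:               # assumption: the client's policy demands TLS
        raise RuntimeError("%s not advertised; refusing to continue en clair" % command)
    return "cleartext"


# Constructed sample replies.
IMAP_REPLY = "* CAPABILITY IMAP4rev1 STARTTLS\r\na001 OK CAPABILITY completed\r\n"
POP3_REPLY = "+OK Capability list follows\r\nTOP\r\nUIDL\r\nSTLS\r\n.\r\n"
```

With `require_tls` left at its default, a reply that lacks STARTTLS or STLS raises instead of continuing without encryption, so a client that wants TLS does not end up sending the password in the clear.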



