On Tue, 17 Jun 2003, Ben Poliakoff wrote: > When it comes to sieve, I'd really like to be able to do the same sort > of thing. Right now to support a cgi/web based sieve client (like > websieve, easysieve, squirrelmail's sieve plugin, or Horde's Ingo - > none of which support STARTTLS) I need to set "allowplaintext: yes" in > imapd.conf. And then if I want to protect the traffic between my > cyrus-imap/timsieved server and my webmail server I need to run two > instances of stunnel:
This seems to me like you're solving the problem in the wrong way. You should fix the clients, not force the server to support something that the IETF clearly thinks is a bad idea. > It's awful, but it works and I'll do it because I don't want that > traffic running across our network in cleartext. But of course now I > have clients that might start accidentally doing cleartext imap > connections, since that's now allowed (where it wasn't before). In 2.2 cyrus you can have per-service configuration options. In 2.1 I suppose you can use the -C option to imapd or sieve to cause it to read different imapd.confs. If you wanted to play worse games, you could have the sieve clients connect to a UNIX socket provided by sivtest, but I suspect this is more complicated than you want, especially when the solution is "make the clients do STARTTLS". > Obviously it would be really nice if we had a crop of web based sieve > clients that supported STARTTLS (and I'm investigating what it might > take to patch the PHP/Pear Net_Sieve class, used by Horde's Ingo, to > support STARTTLS). This is definately what you want to patch, not the server. The server is already providing the needed functionality. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper
