Secure Mail Login (Lame question) Is there a secure IMAP login without SSL?

We want to protect our external users' passwords from easy sniffing on the wire in the wild Internet (since users are in LDAP, these passwords may also be used for interactive logins to the servers, so keeping them in the open is not a good idea). As you may infer from my questions, I'm not too strong in this area yet.
I understand that we can set up SSL/TLS wrappers or use native support for SMTPS, POP3S and IMAPS, or even set up a VPN server; however there are a number of clients (i.e. certain PDA's and cell phones) which don't suggest even tweaking the server port number, and only work over standard SMTP/IMAP/POP3.
As much as I understand, this security stuff has long ago been such a problem that SMTP evolved several different ways of secure authentication. One is STARTTLS where a supporting SMTP server/relay and client can use enhanced commands on a normal SMTP port (tcp/25) to switch from plaintext to TLS-protected dialog on-the-fly (and use authentication after this step).
I believe (but may be wrong doing so) there may also be a way when the user password submission for SMTP authentication is cryptographically protected, but the rest of the dialog is in plaintext. (Basically, IIRC, one or a few lines are protected by sending a hash of the password instead of the plain or BASE64 password string).
I wonder if similar standard mechanisms exist for POP3 and IMAP at all, and if they are implemented in Sun Messaging Server in particular.
And where should I best read up on these subjects? :)

JimKlimov wrote:
As much as I understand, this security stuff has long ago been such a problem that SMTP evolved several different ways of secure authentication. One is STARTTLS where a supporting SMTP server/relay and client can use enhanced commands on a normal SMTP port (tcp/25) to switch from plaintext to TLS-protected dialog on-the-fly (and use authentication after this step). Messaging server supports providing a SSL encrypted port (465) and also providing STARTTLS on a plain-text port (e.g. 25).
The quickest way to enable this is to run:
./msgcert generate-certDB
./imsimta cnbuild;./imsimta restartThis will generate a self-signed certificate (not appropriate for production usage but fine for testing). To verify that it is working perform the following steps:
telnet <mail-server> 25
ehlo blah.comYou should see a line that says "250-STARTTLS".
If you want to enable the SSL port (465), uncomment the following line in the dispatcher.cnf file:
TLS_PORT=465You will need to run ./imsimta cnbuild;./imsimta restart for the change to become active.
I believe (but may be wrong doing so) there may also be a way when the user password submission for SMTP authentication is cryptographically protected, but the rest of the dialog is in plaintext. (Basically, IIRC, one or a few lines are protected by sending a hash of the password instead of the plain or BASE64 password string).The mechanisms you refer to are all discussed here:
http://docs.sun.com/app/docs/doc/819-4428/bgbau?a=view
Note however that "To work, the CRAM-MD5, DIGEST-MD5, or APOP SASL authentication methods require access to the users’ plaintext passwords. ".
I wonder if similar standard mechanisms exist for POP3 and IMAP at all, and if they are implemented in Sun Messaging Server in particular.
And where should I best read up on these subjects? :)Refer to manual page listed earlier and the following manual page:
http://docs.sun.com/app/docs/doc/819-4428/bgbba?a=view
Regards,
Shane.

Similar Messages

  • Is there is any way that multiple SSL identities out of a single DS instanc

    Hi All,
    I am facing bit challenging question:
    Is there is any way that multiple SSL identities out of a single DS6.2 instance, and DS6.2 instances cant be convinced to replicate over SSL successfully using only a single shared SSL identity across many instances.
    I am trying to find out that is there is a way to use multiple SSL identities out of one instance of DS6.2 ; and configure accordingly, with client facing service using a shared common identity and replication using distinct identities.
    Thanks
    Pramod

    You can look at the code that that page (website) uses and create an overriding rule to set the cursor in [http://kb.mozillazine.org/userContent.css userContent.css] or [https://addons.mozilla.org/firefox/addon/2108 Stylish]
    See http://kb.mozillazine.org/Editing_configuration#How_to_edit_configuration_files
    Can you post a link?

  • HT5312 i need help with the security questions is there some way to get you to remind me what they were from e-mail or other wise

    I need help with the security Questions is there some way to get you to remember them by e-mail of other wise

    Read the HT5312 page that you posted from, it has instructions for how to reset them i.e. if you have a rescue email address set up on your account then steps 1 to 5 half-way down that page should give you a reset link.
    If you don't have a rescue email address then you will need to contact iTunes Support / Apple in your country to get the questions reset.
    Contacting Apple about account security : http://support.apple.com/kb/HT5699
    When they've been reset (and if you don't already have a rescue email address) you can then use the steps half-way down the HT5312 page that you posted from to add a rescue email address for potential future use

  • I can not remember my security questions is there any way i can change them so i can purchase things on itunes?

    can not remember my security questions is there any way i can change them so i can purchase things on itunes?

    Alternatives for Help Resetting Security Questions and Rescue Mail
         1. Apple ID- All about Apple ID security questions.
         2. Rescue email address and how to reset Apple ID security questions
         3. Apple ID- Contacting Apple for help with Apple ID account security.
         4. Fill out and submit this form. Select the topic, Account Security.
         5.  Call Apple Customer Service: Contacting Apple for support in your
              country and ask to speak to Account Security.
    How to Manage your Apple ID: Manage My Apple ID

  • I need to reset my security questions however there is no option to send a reset link to email address anyone help?

    I need to reset my security questions however there is no option to send a reset link to email address anyone help?

    Go to https://getsupport.apple.com ; click 'See all products and services', then 'More Products and Services, then 'Apple ID', then 'Other Apple ID Topics' then 'Forgotten Apple ID security questions'.

  • How can i reset my security questions and there is no reset my questions below it any help plz

    how can i reset my security questions and there is no reset my questions below it
    any help plz

    You need to ask Apple to reset your security questions; ways of contacting them include clicking here and picking a method for your country, phoning AppleCare and asking for the Account Security team, and filling out and submitting this form.
    They wouldn't be security questions if they could be bypassed without Apple verifying your identity.
    (101110)

  • How can I reset my security questions. There's no reset option

    how can I reset my security questions. There's no reset option

    If you didn't previously set up a rescue email address and have forgotten more than one of the answers, you can't do this on your own. Contact Apple either through the link in that article or by phoning them.
    (76560)

  • TS2446 I can not purchase on ITunes for the first time because I forgot the answer to my security questions, is there a way I can log into my account and figure out the awensers to the questions?

    I can not purchase on ITunes for the first time because I forgot the answer to my security questions, is there a way I can log into my account and figure out the awensers to the questions?

    Some Solutions for Resetting Forgotten Security Questions: Apple Support Communities

  • I can't find an option to add a recovery email for the purpose of resetting my security questions. There is also no option when I am in the "manage my account" area that lets me reset my security questions. How can I reset them?

    I can't find an option to add a recovery email for the purpose of resetting my security questions. There is also no option when I am in the "manage my account" area that lets me reset my security questions. How can I reset them?

    1. See my User Tip for some help: Some Solutions for Resetting Forgotten Security Questions: Apple Support Communities.
    2. Here are two different but direct methods:
        a. Send Apple an email request at: Apple - Support - iTunes Store - Contact Us.
        b. Call Apple Support in your country: Customer Service: Contacting Apple for support
            and service.
    3. For other queries about Apple ID see Frequently asked questions about Apple ID.
    4. Rescue email address and how to reset Apple ID security questions
    5. For online assistance use Apple - Support - Express Lane

  • Forgot your security questions and there was no alternative to email what to do please reply

    Forgot your security questions and there was no alternative to email what to do please reply ,,
    I do not know retrieved questions of security and there was no alternative to this email account in Alabestor
    [email protected]

    You need to ask Apple to reset your security questions; this can be done by clicking here and picking a method, or if your country isn't listed, filling out and submitting this form.
    They wouldn't be security questions if they could be bypassed without Apple verifying your identity.
    (109187)

  • I forgot the answers to my apple security questions and there's no link to reset them. Is there any way to do it without calling them? I do have a rescue email.

    I cannot seem to find a way to reset my security questions without call apple. I looked to see if there was a link under the questions but there was not.

    The rescue email should give you the procedure for changing the answers.  If that does not help you can call Apple at the number for your location from http://support.apple.com/kb/HE57 and ask to speak with Account Security.

  • HT204088 iTunes is telling me that I have not purchased from my iPhone before although I have multiple times, and I don't remember my security questions and there is no option to change them. Any suggestions other than making a new account?

    iTunes is telling me that I have not purchased from my iPhone before although I have multiple times, and I don't remember my security questions and there is no option to change them. Any suggestions other than making a new account?

    If you create a new Apple ID you won't have access to the media purchased with the Apple ID you are currently using.
    Try here > Rescue email address and how to reset Apple ID security questions

  • TS3988 forgot security questions is there any way to reset?

    I forgot security questions is there any way to reset?

    Click here for information. If the option to have the answers emailed to you isn't available or doesn't work(the email may take a few hours to arrive), contact the iTunes Store staff via the link in that article.
    (88222)

  • HT5312 I forgot  security questions, and there is no rescue email, what should i do?

    I forgot  security questions, and there is no rescue email, what should i do?

    If you don't have a rescue email address (you won't be able to add one until you can answer 2 of your questions) then you will need to contact iTunes Support or Apple to get the questions reset.
    e.g. you can try contacting iTunes Support : http://www.apple.com/support/itunes/contact/ - click on Contact iTunes Store Support on the right-hand side of the page, then Account Management , and then 'Forgotten Apple ID security questions'
    or try ringing Apple in your country and ask to talk to the Accounts Security Team : http://support.apple.com/kb/HE57
    When they've been reset you can then use the steps half-way down the page that you posted from to add a rescue email address for potential future use.

  • I forget  my security question and there is no reset chose how can i reset it ?

    I forget  my security question and there is no reset chose how can i reset it ?

    You need to ask Apple to reset your security questions. To do this, click here and pick a method; if that page doesn't list one for your country or you're unable to call, fill out and submit this form.
    They wouldn't be security questions if they could be bypassed without Apple verifying your identity.
    (112273)

Maybe you are looking for

  • I have an issue with the address browser in mail in Yosemite

    I am using IOS 10.10.1 now on an iMac and have discovered an issue with the address browser in mail. Previously in my pending to send email toolbar there was a contacts icon which I clicked  on to display my contacts list. I could hold down the Comma

  • Wireless Ethernet suddenly not working!

    Hi everyone. I've noticed some similar problems posted but I believe mine has a unique twist. Two nights ago my powerbook stopped being able to connect to my G5 desktop via wireless. Now, before I explain my whole set up, the catch is this: Not only

  • Is any Logic 8 (Studio) user able to open STP with audio units plug-ins?

    All of my 3rd party audio units plug-ins work with Logic 8: UAD, Powercore, PSP, NomadFactory, and RND. MainStage and WaveBurner open without any problems. Soundtrack Pro will only open if all of my AU plug-ins are removed to a "Components (Disabled)

  • Tomcat + wle 5.1

              i write a c++ corba object in wle5.1,and write a java client (application) to invoke           it,sucess.           but i chage this java client into a servlet.and execute it in tomcat 4.0.3, i use           jdk1.2.2,and put M3envobj.jar an

  • Problems installing Adobe Audition

    Has anyone else had trouble installing Audition from the provided downloads??  My installer starts, asks for language.. English, but then disapears.  No further prompts and the wizard never launches. I've been able to install the other programs short