Require SSL for IMAP (and possibly, SMTP)

Hello,
I'm having quite a bit of trouble changing the server configuration to require SSL for IMAP connections on the server side.  (Ideally, I'd like to require SMTP to send email as well, but not require for outbound connections from other hosts as it may stop message delivery.)
If anyone has had luck doing this on OS X Mountain Lion / Server.app it would be great if you could share your steps?
Thx.

It would be helpful if you could explain what your experience is, since there are many possibilities and knowing what you're encountering would help.
The most obvious/common issue is that IMAPS (IMAP+SSL) uses port 993, not the normal IMAP 143.
If your clients are configured to only use 143 then they will break until they're reconfigured to use 993.
Since you don't mention whether you've checked port numbering, it's impossible to tell if that's your issue or not.
As for SMTP, if your mail server accepts mail from any external hosts then you do NOT want to require SSL. Few, if any, remote mail servers support SSL for SMTP, so you'll just block any external servers from sending mail to your domain. I doubt your users want that.
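As an added example (not part of the thread, and not Apple or Server.app tooling): one way to check from a client machine what port 143 still allows once SSL is meant to be required. It classifies the capabilities an IMAP listener advertises before TLS; the sample responses, the host name `mail.example.test` and the list of cleartext mechanisms are assumptions made for the example.

```python
import socket
import sys

# SASL mechanisms that put the password itself on the wire (assumed list).
CLEARTEXT_AUTH = {"AUTH=PLAIN", "AUTH=LOGIN"}

# Constructed sample responses; mail.example.test is a placeholder host.
SAMPLE_REQUIRE = "* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] mail.example.test ready\r\n"
SAMPLE_OPTIONAL = ("* OK mail.example.test ready\r\n"
                   "* CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN AUTH=CRAM-MD5\r\n"
                   "a1 OK completed\r\n")
SAMPLE_CLEARTEXT = "* CAPABILITY IMAP4rev1 AUTH=LOGIN\r\na1 OK completed\r\n"


def parse_capabilities(response):
    """Collect capability atoms from a greeting and/or CAPABILITY response."""
    caps = set()
    for line in response.splitlines():
        upper = line.strip().upper()
        if "[CAPABILITY " in upper:            # * OK [CAPABILITY ...] text
            start = upper.index("[CAPABILITY ") + len("[CAPABILITY ")
            end = upper.find("]", start)
            atoms = upper[start:end if end != -1 else len(upper)]
        elif upper.startswith("* CAPABILITY "):  # untagged CAPABILITY reply
            atoms = upper[len("* CAPABILITY "):]
        else:
            continue
        caps.update(atoms.split())
    return caps


def classify(caps):
    """Say what a client may do on this listener before any TLS is set up."""
    login_open = "LOGINDISABLED" not in caps      # LOGIN command accepted
    cleartext_sasl = bool(caps & CLEARTEXT_AUTH)  # password-carrying SASL
    has_starttls = "STARTTLS" in caps
    if login_open or cleartext_sasl:
        return "tls-optional" if has_starttls else "cleartext-only"
    return "tls-required" if has_starttls else "no-password-login"


def fetch_capabilities(host, port=143, timeout=5.0):
    """Read the greeting and CAPABILITY reply from a live server."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        stream = sock.makefile("rwb")
        lines = [stream.readline().decode("ascii", "replace")]
        stream.write(b"a1 CAPABILITY\r\n")
        stream.flush()
        while True:
            line = stream.readline().decode("ascii", "replace")
            if not line:
                break
            lines.append(line)
            if line.startswith("a1 "):   # tagged completion of our command
                break
        stream.write(b"a2 LOGOUT\r\n")
        stream.flush()
    return "".join(lines)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        reply = fetch_capabilities(sys.argv[1])
        print(sys.argv[1], classify(parse_capabilities(reply)))
    else:
        for name, sample in (("require", SAMPLE_REQUIRE),
                             ("optional", SAMPLE_OPTIONAL),
                             ("cleartext", SAMPLE_CLEARTEXT)):
            print(name, classify(parse_capabilities(sample)))
```

A listener that is closed on 143 and answers only on 993 never reaches this check; a refused connection from `fetch_capabilities` is itself the answer in that case.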

Similar Messages

  • How to use SquirrelMail and Require SSL for IMAP Service?

    Hello,
    Mac OS X Server v.10.4.9 – Open Directory Master
    Providing POP, IMAP, SMTP, web services including webmail via SquirrelMail.
    PHP v.4.4.4 Nov. 1, 2006
    OpenSSL v.0.9.7l Sept. 2006
    I need to require SSL for IMAP access, however, I also need to provide webmail access. SquirrelMail does support TLS it seems and that can be configured from /etc/squirrelmail/config/conf.pl and is discussed briefly here: http://www.squirrelmail.org/wiki/SquirrelMailIMAPS .
    When I turn on TLS on SquirrelMail and change the IMAP port number to 993 attempting to log into SquirrelMail provides the following error:
    Bad request: IMAP server does not appear to support the authentication method selected. Please contact your system administrator.
    According to the above noted page from the SquirrelMail site one needs PHP 4.3 and SSLv3 in order for TLS to work, one must also connect to the IMAP server over port 993. Requirements I appear to meet.
    So – how can one require the use of SSL for IMAP and still provide webmail access via SquirrelMail?
    I have reviewed these three threads:
    http://discussions.apple.com/thread.jspa?threadID=912841&tstart=75
    http://discussions.apple.com/thread.jspa?messageID=1457773&#1457773
    http://discussions.apple.com/thread.jspa?messageID=3921004&#3921004
    However they do not answer the fundamental question of how to use SquirrelMail with SSL required by IMAP. Essentially the conversation revolves around working around the SSL requirement or forgoing it.
    Thank you for any assistance.

    David,
    Yet from time to time these same users are in a
    circumstance where they need to use webmail, thus
    SquirrelMail needs to work. I am not trying to
    secure webmail by requiring SSL.
    I see, your problem. In this particular case there is a workaround.
    Use different ports for postfix and cyrus limited to localhost, thus catering only to SquirrelMail, thus not needing TLS.
    Roughly do this (this is just off the top of my head, may contain errors):
    For SMTP / Postfix:
    Edit /etc/postfix/master.cf
    and add:
    465 inet n - n - - smtpd
      -o smtpd_recipient_restrictions=permit_mynetworks,reject
      -o mynetworks=127.0.0.1/32
      -o smtpd_enforce_tls=no
    # This will create a port 465 (if you already use this, pick another one; choose the number wisely, depending on what is in use on your server)
    # This port is only accessible to IP numbers in "mynetworks"
    For IMAP / Cyrus
    Edit /etc/cyrus.conf and add (below imap):
    imaplocal cmd="imapd -C /etc/imapd-local.conf" listen="127.0.0.1:imaplocal" prefork=0
    Next duplicate /etc/imapd.conf and name it imapd-local.conf
    Edit /etc/imapd-local.conf
    Change
    tls_server_options: require
    to
    tls_server_options: use
    Next edit:
    /etc/services
    and create a port called "imaplocal"
    (you could probably recycle 585 which is deprecated, check what is in the services file, make sure no duplicate port numbers).
    should look something like:
    imaplocal 585/udp
    imaplocal 585/tcp
    When done with all config files:
    Save & restart mail services
    Point SquirrelMail to the new ports which should only be accessible to localhost (check with an external client if it holds).
    Sorry for the "draft style" post, but I don't have much time.
    Just ask, if anything isn't clear.
    HTH,
    Alex
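As an added example (not from the post and not a Postfix tool): a small audit of `master.cf` that reports `smtpd` listeners where TLS enforcement is switched off and the listener is not bound to a loopback address. The post limits the extra port through `mynetworks`; the second sample, which binds the same service to `127.0.0.1:465`, is an assumed variant for comparison, and both samples are constructed from the entry in the post.

```python
import ipaddress

# Constructed from the entry in the post (parameter names with underscores).
AS_POSTED = """\
465 inet n - n - - smtpd
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.1/32
  -o smtpd_enforce_tls=no
"""
# Assumed variant: same service, bound to the loopback address only.
LOOPBACK_BOUND = AS_POSTED.replace("465 inet", "127.0.0.1:465 inet", 1)


def logical_lines(text):
    """Join master.cf continuation lines (they begin with whitespace)."""
    joined = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and joined:
            joined[-1] += " " + raw.strip()
        else:
            joined.append(raw.strip())
    return joined


def parse_listeners(text):
    """Return the inet smtpd services with bind host, port and -o overrides."""
    listeners = []
    for line in logical_lines(text):
        fields = line.split()
        if len(fields) < 8 or fields[1] != "inet" or fields[7] != "smtpd":
            continue
        host, _, port = fields[0].rpartition(":")   # "465" gives host ""
        args = fields[8:]
        overrides = {}
        for flag, value in zip(args, args[1:]):
            if flag == "-o" and "=" in value:
                name, _, setting = value.partition("=")
                overrides[name] = setting
        listeners.append({"host": host.strip("[]"), "port": port,
                          "overrides": overrides})
    return listeners


def is_loopback(host):
    """An empty host means the service listens on every configured interface."""
    if not host:
        return False
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host == "localhost"


def tls_relaxed(overrides):
    """True when the entry itself turns mandatory TLS off."""
    return (overrides.get("smtpd_enforce_tls") == "no"
            or overrides.get("smtpd_tls_security_level") in ("none", "may"))


def audit(text):
    """Listeners that accept non-TLS sessions on a non-loopback address."""
    return [entry for entry in parse_listeners(text)
            if tls_relaxed(entry["overrides"]) and not is_loopback(entry["host"])]


if __name__ == "__main__":
    for label, sample in (("as posted", AS_POSTED), ("loopback", LOOPBACK_BOUND)):
        for entry in audit(sample):
            print(label, "port", entry["port"], "is reachable without TLS;",
                  "access depends on mynetworks =",
                  entry["overrides"].get("mynetworks", "(main.cf value)"))
```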

  • Why an organization require SSL for Shared Web Applications?

    Hi
    What is SSL, and why does an organization require SSL for Shared Web Applications?
    adil

    Hi adil,
    Secure Socket Layer (SSL) is an encrypted communication protocol which uses encryption certificates. For more information about SSL in SharePoint, please refer to:
    http://technet.microsoft.com/en-us/magazine/2009.09.insidesharepoint.aspx
    http://technet.microsoft.com/en-us/library/cc262366(v=office.15).aspx
    SSL is supported for server-to-server authentication and app authentication.
    Regards,
    Rebecca Tu
    TechNet Community Support

  • Does Apple have an alternative for adobe flash player I have websites that require it for viewing and they tell me Apple restricts Adobe.

    Does Apple have an alternative for adobe flash player I have websites that require it for viewing and they tell me Apple restricts Adobe.

    Hi Ron.  Timely question!  Try  "Hype"
    http://tumultco.com/hype/ 
    Hype was just released and can be purchased at the Apple App store.   I just got an iphone and resized all my websites will have to be revised. Read about it ...
    http://mobile.informationweek.com/10996/show/4713846be58e278050d7a7921c8f68eb/
    http://m.minyanville.com/?guid=3948&catid=5
    Or go directly to http://tumultco.com/hype/ for tons of info. 

  • I will be buying the new IMac 27 inch in December. Would like input on the best configuration for photographic and possibly video processing-dream machine!

    I will be buying an IMac 27 inch in December. What is the best configuration for photo and possibly video processing. Does one need a Mac Pro? Dream machine!

    Just to explain what I just wrote to Laundry Bleach:
    Why is there no iDVD on my new Mac?
    https://discussions.apple.com/docs/DOC-3673
    UPDATE & ADDENDUM:
    But even though you can still buy iLife 11 that includes iDVD 7 from Amazon, Apple now make it difficult to install:
    Poster jhb21939 posted this in another thread:
    “when I attempted to load iDVD into a new iMac. A notice came up on the screen stating that the 'Authorisation Licence' had expired on 25 March this year (2012).
    I contacted the Apple support team and eventually, I was told that the Licence had been withdrawn and could no longer be used.”
    In other words Apple are now so adamant that we don’t use iDVD that they have tried to make it impossible to install.
    In response, Old Toad posted this solution:
    “You can still use it on all of your Macs.  If you get an invalid certificate message just set your Mac's clock to sometime before early 2011 and run the installer.  After you're done reset the time back to the correct time.” He added this comment:
    “It began after iDVD and iWeb were discontinued and they were dropped from the Apple Store. All I can think of is the certificate was set to expire after a certain time period after the initial iLife disc was released.
    I've been able to use the installer even without setting back the date.  I just clicked on the Continue button and it would work as expected.  For some it would not continue unless the date was set back.”
    The latest anorexic iMacs just announced do not even include a CD drive! Proof positive that Apple virtually prohibit the use of DVDs - although the newly announced Mac Minis do include a Superdrive.
    Yet, they still include iMovie! Heaven alone knows or understands what you are supposed to do with your newly edited masterpiece - except make a low quality version for YouTube?

  • Where are the settings to invoke SSL for POP3 and SMTP?

    I keep getting annoying emails from Yahoo!AT&T who are my internet providers about setting SSL settings for POP3 and SMTP services for receiving emails.  I have it configured on my main email settings for my client.  Do I have to set it as well for Blackberry service thru Verizon?
    If so, where are these detailed settings located?
    Thanks,

    Located on your provider's BIS site.
    BlackBerry Help
    www.blackberryboards.com

  • Database componentes required/excluded for RMAN and Grid control repository

    I'm planning creation of a centralized 10gR2 RMAN repository for my production/dev environment, and needed a basic, barebones database. We may also use that same database as a repository for 10g OEM Grid Control in the future, so I wanted to ensure I was prepared for that.
    None of the documentation says anything about particular required components for RMAN, only that a database is needed. So am I allowed to deselect all items from the following DBCA list? I didn't expect any problems with the optional components, but wanted to make sure that RMAN or Grid control would function, were I to disable Oracle JVM or XML DB. My standard loadout (for better or worse) is to include everything in my production/dev databases, and I didn't want that to be the case with this one.
    Database Components:
    Oracle Data Mining
    Oracle Text
    Oracle OLAP
    Oracle Spatial
    Enterprise Manager Repository
    Standard Database Components:
    Oracle JVM
    Oracle XML DB
    Oracle Intermedia

    Thanks. For that matter, do DBA's in the general population install those standard oracle components? I have them there in my default installs just because of the message 'Oracle recommends you have these installed.' in the DBCA screen.

  • Use L2TP/IPsec or SSL for Wiki and Blog?

    Here comes another, slightly embarrassing, newbie question…
    The only service I am setting up on the server is the Wiki and Blog. We will only connect to the server through the internet (no public access). There are no clients on the inside.
    Now trying to decide which external firewall to buy.
    Since the only service is the Wiki and Blog, I would spontaneously think that SSL VPN is good because then we can log in through our web browsers and the Wiki and Blog is to be viewed with the web browser.
    To me it looks like quite a number of firewalls don't support SSL VPN (NetGear, D-link, Zyxel).
    I have never used VPN PPTP- or L2TP/IPsec-style. Can I use the web browser still with these protocols to see the Wiki and Blog?
    Cheers,
    HindIII

    I have been reading and reading, but there seems to always be room for "what do they mean by that" or "if they don't write it, it's not possible", hehe.
    The NetGear FVX538 states in its specifications "VPN/security: IPsec (ESP, AH), MD5, SHA-1, DES, 3DES, IKE, PKI, AES" and for the FVS336G it says "VPN/security: IPsec (ESP), IKE, PKI, HTTPS"
    Even the full names of the firewalls are, to me, somewhat descriptive: "Prosafe Dual WAN VPN Firewall with 8-port 10/100 Switch FVX528" vs. "Dual Wan Gigabit SSL VPN Firewall FVS336G".
    One can also compare Zyxel's "ZyWall 5" and "ZyWall SSL 10".
    When I read the manuals, some hardly mention SSL while others (that often are called SSL in their names) have longer sections on how to set up SSL VPN.
    Thanks MrHoffman for your input.
    I hope I soon can decide which external firewall to get. Spontaneously, to me it sounds like the built in firewall in 10.6 Server got pretty good specifications. One can do both PPTP and L2TP with Kerberos that is written to be excellent (according to Daniel Eran Dilger, writer of "Snow Leopard Server"). Then I get stuck in searching for Kerberos solutions in the external firewalls, never find that.
    It seems like I need someone to tell me exactly what to get and exactly what protocols to use :o) I wish I knew as much about servers as I do about my normal profession, hehe.

  • Set new Required Field for MD14 and MD15 for conver from Planned order to P

    Dear all,
    I would like to set a new required field (Purchasing Organization) in T-CODE MD14 and MD15 for converting from Planned Order to PR. What should I do?
    Please help, I'm new to MRP.
    Best Regards,
    Kate

    Hi Kate,
    You are not on the right track; MD14 and 15 will choose the PLANNED ORDER population for the conversion. In planned orders there's NO PURCHASING ORGANIZATION DATA (normally)!
    So even if you managed to put the field on the screen, it will not do anything that makes sense.

  • Required upgrades for iPhone and iTunes?

    I am running Mac OS X 10.4 and was wondering what I need to upgrade to to purchase an iPhone and download iTunes 10.

    You need at least 10.5.8, which is the max OS a PPC Mac can run, yet has some shortcomings if you use Calendar Syncing, or 10.6.x if you have an Intel Mac.
    Leopard requirements/10.5.x...
        *  Mac computer with an Intel, PowerPC G5, or PowerPC G4 (867MHz or faster) processor
    minimum system requirements
        * 512MB of memory (I say 2GB at least)
        * DVD drive for installation
        * 9GB of available disk space (I say 30GB at least)
    You have to call Apple & likely ask for a Product Specialist to get it, if they still have it! Helps to tell them you have an iPad/iPhone & you can't run 10.6.
    There are workarounds if the 867MHz is the only hangup...
    http://sourceforge.net/projects/leopardassist/
    Snow Leopard/10.6.x Requirements...
    General requirements
       * Mac computer with an Intel processor
        * 1GB of memory (I say 2GB at least)
        * 5GB of available disk space (I say 30GB at least)
        * DVD drive for installation
        * Some features require a compatible Internet service provider; fees may apply.
        * Some features require Apple’s MobileMe service; fees and terms apply.
    Which apps work with Mac OS X 10.6?...
    http://snowleopard.wikidot.com/
    The other Option is a PC running at least XP SP3, iirc.

  • MMC Password Problem for E71 and Possible Solution

    Hi,
    I wanted to share with you the following (took me some time to figure it out...).
    On E71 there is a possibility to remotely lock the phone via an SMS with a specific code you can define. Now if you didn't protect the MMC with an own password before, after the remote lock, the MMC will become protected and the password for it is the SMS code you used for the remote lock. Note that the SMS code doesn't have to be the same as the code with which you unlock the phone itself after the remote lock (except of course if you define them both to be the same).
    I hope it helps, at least for some cases. Funny that this is not described in any manual or whatsoever (at least I couldn't find it)....
    This was tested on the E71-1 (33), RM-346, product code 0558786), FW Version 100.07.76, with an original Nokia 8GB microSD-HC MMC memory card.
    Cheers,
    dubi

    I had this same problem. My memory card suddenly getting corrupted, but I managed to solve it. I believe the source of the problem is the Remote Lock and the Device Lock of the unit. I have an E63 unit (same as E71).
    The problem started after I enabled the Device Lock and Remote Lock of my E63 unit. After a couple of hours, I tried to manage my apps in the memory card. To my surprise, it's corrupted! I didn't panic because I believe I could retrieve the files with my PC. But when I inserted my memory card to a memory reader into my PC, the card is unreadable. I had a feeling that the card is really corrupted. But how? I just got this unit almost a day ago. I didn't do anything odd. I'm an OOP-Design Patterns oriented programmer so I'm not newbie when it comes to best practices.
    As I searched the web, I found that there are cases too that had this same exact problem. And their guess is also the Device Lock.
    So what I did is I disable the Remote Lock and the Device Lock. I checked my memory card and it's still corrupted!
    So, I turn off my unit and turn it on again, it's still corrupted!
    I removed the memory card while the unit is on (Make sure you use the remove memory card feature of your unit!!!) and then reinserted the card, and it worked.
    In summary, to solve this memory corrupted problem. Try disabling the Remote Lock and Device Lock. To disable the Device Lock, revert the password to "12345" (Do not type the quotes). Remove the memory card (Use the remove memory card feature of your unit!!!). Re-insert card and problem fixed.

  • POA IMAP and enabling SSL

    I would like to enable SSL to allow external users (mostly users using PDA's, cell phones, etc) to connect to our POA using IMAP. Of course I want to enable SSL for IMAP connections as otherwise it would pass their credentials in plain text.
    I have IMAP running without SSL on port 143 just fine. However, I'm unable to get IMAP to listen on 993 for SSL. I've tried enabling the option using the POA object via ConsoleOne. I've also tried enabling it using the switches in the .POA startup file and neither seems to work.
    I've exported the certificate using the self signed server certificate object in ConsoleOne and pointed the POA object to the certificate in the POA object configuration options and still nothing.
    In the log/settings for the POA I still see...
    Internet Protocol Agent Settings:
    IMAP Agent: Enabled
    IMAP Port for Incoming IMAP requests: 143 (Default)
    IMAP over SSL: Disabled
    Any help is appreciated.
    Thanks,
    Walter Keener
    Network Administrator
    Grandville Public Schools

    OK, I'm making progress. I followed your/Novell's instructions for the CSR to create the certificate and key file and IMAP via SSL appears to be up and running...
    16:59:10 1FB Internet Protocol Agent Settings:
    16:59:10 1FB IMAP Agent: Enabled
    16:59:10 1FB IMAP Port for Incoming IMAP requests: 143 (Default)
    16:59:10 1FB IMAP over SSL: Enabled
    16:59:10 1FB IMAP SSL Agent: Enabled
    16:59:10 1FB IMAP SSL Port for Incoming IMAP requests: 993 (Default)
    However, when I try to connect to IMAP on port 993 via SSL I receive a connection error on the client side. On the POA side I see this message in the log file...
    17:01:32 330 New IMAP session initiated from 10.51.10.88
    17:01:32 330 *** NEW PHYS. CONNECTION, Tbl Entry=5, Socket=235
    17:01:32 330 Return from IMAP [890F]
    17:01:32 330 *** PHYSICAL PORT DISCONNECTED, Tbl Entry=5, Socket=235
    Thanks again for any help you can provide.
    Walter Keener
    Network Administrator
    Grandville Public Schools

  • Setting up Mac for BT and old Talktalk mail

    We changed from talktalk to BT today and I want to set up Mac mail to receive both my mail from my old provider talktalk and also a new bt email address which I set up this morning (and hasn't yet worked....)  
    As I need to receive mail from my old talktalk.net address until everyone has the new BT mail, I need both accounts on my mac mail.  I am able to receive mail on my talktalk address but cannot send using this address/server, it says "cannot send mail using the server talktalk".  It won't connect using the bt server either?
    Can anyone let me know how I receive emails from both, but send using BT and why this isn't working for me (unable to send mail).
    I'm aware I may sound like a complete techno idiot here, but hoping its a simple fix!
    Many thanks

    Presumably as you are no longer with Talk Talk, you no longer have an account on their outgoing mail server. You need to send via the BT SMTP mail server but you need a BTinternet address to authenticate with. I am not familiar with Mac Mail so don't know the details of how to accomplish that but you need to configure the outgoing server with the following details.
    Server mail.btinternet.com
    Port 465
    SSL Yes
    User name your full [email protected] email address
    Password your Btinternet.com password
    Authenticate plain password
    The BT account will be the same details as above for outgoing, for incoming use port 993 and SSL for IMAP or 995 and SSL for POP3.

  • CA / NDES Virtual Directory Structure Missing in IIS 7 unable to implement SSL for ADMIN sites

    We've recently finalized both an Enterprise 2008 R2 CA and NDES service installation configuration.  All services are running, to include web enrollment for both.  CA sits on a DC, as required, and the NDES role sits on a standalone machine.
    All service generated certificates / templates are in place and or issued including SSL certificates for service web front ends.
    I'm trying to take the next step in hardening both of the web front ends by requiring SSL web validation and client SSL authentication.
    Problem:  When examining the site structures, CA and NDES, within the IIS7 configuration manager the following inconsistencies are present:
        1.        Enterprise CA:
                   o  No virtual directory is configured or listed under the Certsrv or Enrollment sub-sites, however as previously stated all services are up and operational.
        2.        NDES:
                   o  IIS7 configuration manager doesn't list any Certsrv sub-site, but once again all services are up and running.  I can process SCEP requests via the web.
                       The following 2 items are listed under the default site on the NDES service machine:  Rpc and RpcWithCert
                       In past experience I would expect those items to be associated with Exchange, but since NDES is new to me they may be standard.
    Not to state the obvious but all Sys32 files and folders are correct as both services are running properly.  Can anyone tell me if I've missed some critical article on AD CS or IIS7 that tells me why these 2 conditions are present.
    Since the Certsrv sub-site exists on the CA I would assume a normal SSL bind will work, but with critical items missing from within IIS7 (at least from my view) I don't want to compound the problem.  Since there is no Certsrv structure on the NDES machines I'm not sure what the best way to proceed is.  Any help would be greatly appreciated.
    V/R BE

    CA / NDES all function properly.  I'm still researching proper IIS 7 SSL implementation, when the virtual directory and sub-site structure is either missing or incomplete when viewed from within the IIS7 manager.
    These services were put into production without a thorough configuration check prior to implementation, so I don't have a test environment setup at the moment to just start playing.  I'm thinking this weekend I'm going to have to VSS the current machines and throw them on the Dev network and see how badly I can break them.
    V/R BE

  • Password Safe for Pre2 and PC

    I'm looking for a tool to store all my passwords etc. to have them available on my Pre2 and also on my PC (even if syncing them obviously is not possible automatically in webOS - which is a standard in Windows Mobile!). Up to now I only found SecuStore having both a webOS and a Windows client. Unfortunately the Windows version is 0.0.5 and I would not like to hand over my sensible data to such an Alpha version.
    Does anyone have any other recommendations?
    Post relates to: Pre 2 p102ueu (Unlocked EU)

    If your OS for the PC is Windows XP, then you will require SP1 for WPA and SP2 for WPA2. If you're already at either of these service pack levels, then the problem might be one of two things:
    o The PC wireless configuration, or
    o The PC's wireless chipset.
    Check out the following iFelix article on connecting a PC to an AirPort wireless network: Accessing a Airport Network with a Windows XP PC or laptop (with XP SP2) You'll see that he has several other helpful Windows links as well.
