webmail tls/ssl issues

kmpanilla

Member
Oct 24, 2003
20
0
151
I am in the process of trying to make my box PCI complaint.

This requires disabling plain-text authentication logins. I have been able to
do so on pop3/imap by setting:
IMAP_TLS_REQUIRED=1
and
POP3_TLS_REQUIRED=1
in the appropriate configs.

Unfortunately, this causes squirrelmail and horde to break because TLS is
required.

Are there some options.. to tell horde/squirrelmail to use
imaps instead of imap? I would also like to make sure they smtp+auth over SMTP
with TLS/SSL. Is there an option for this, or can there be as well?

thanks,

-c
 

kmpanilla

Member
Oct 24, 2003
20
0
151
I'm not referring to https:// vs http://, but the actual IMAP/POP session the webmail client makes to the server. Using imap/ssl or imaps instead of just plain imap. Or making sure TLS is accepted/required.
 

kmpanilla

Member
Oct 24, 2003
20
0
151
I was able to hack the webmail applications to connect via imaps to my server hostname, instead of localhost using imap. This appeared to fix the issues with webmail apps breaking after disabling plaintext logins. Unfortunately, this will require me to patch the apps everytime I upgrade cPanel so as to not break them again. What a pain.
 

p1mp

Registered
Apr 10, 2008
2
0
51
kmpanilla,

I am in the same situation can you let us know the process of working up a fix for the web applications?
 
Thread starter Similar threads Forum Replies Date
H Email 5
M Email 1
M Email 2
H Email 1
psytanium Email 11