webmail tls/ssl issues

[kmpanilla]

I am in the process of trying to make my box PCI complaint.

This requires disabling plain-text authentication logins. I have been able to
do so on pop3/imap by setting:
IMAP_TLS_REQUIRED=1
and
POP3_TLS_REQUIRED=1
in the appropriate configs.

Unfortunately, this causes squirrelmail and horde to break because TLS is
required.

Are there some options.. to tell horde/squirrelmail to use
imaps instead of imap? I would also like to make sure they smtp+auth over SMTP
with TLS/SSL. Is there an option for this, or can there be as well?

thanks,

-c

 

[cPanelDavidG]

I know Horde in particular will behave differently if you connect via https:// vs. http://. I'm not sure if it will work, but have you tried connecting via https://Domain.com:2096 to Horde and see if Horde still breaks?

 

[kmpanilla]

I'm not referring to https:// vs http://, but the actual IMAP/POP session the webmail client makes to the server. Using imap/ssl or imaps instead of just plain imap. Or making sure TLS is accepted/required.

 

[tvcnet]

Hi.
I'm very curious on this as well.
Anyone have a solution to this in order to better improve cPanel security?

Thanks,
Jim
TVC.Net

 

[kmpanilla]

I was able to hack the webmail applications to connect via imaps to my server hostname, instead of localhost using imap. This appeared to fix the issues with webmail apps breaking after disabling plaintext logins. Unfortunately, this will require me to patch the apps everytime I upgrade cPanel so as to not break them again. What a pain.

 

[p1mp]

kmpanilla,

I am in the same situation can you let us know the process of working up a fix for the web applications?

 

[kmpanilla]

Attached are the patches I used to have webmail clients set to SSL connections. Of course you have to apply them each time after an upgrade.