The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

webmail tls/ssl issues

Discussion in 'E-mail Discussions' started by kmpanilla, Apr 8, 2008.

  1. kmpanilla

    kmpanilla Member

    Joined:
    Oct 24, 2003
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    I am in the process of trying to make my box PCI complaint.

    This requires disabling plain-text authentication logins. I have been able to
    do so on pop3/imap by setting:
    IMAP_TLS_REQUIRED=1
    and
    POP3_TLS_REQUIRED=1
    in the appropriate configs.

    Unfortunately, this causes squirrelmail and horde to break because TLS is
    required.

    Are there some options.. to tell horde/squirrelmail to use
    imaps instead of imap? I would also like to make sure they smtp+auth over SMTP
    with TLS/SSL. Is there an option for this, or can there be as well?

    thanks,

    -c
     
  2. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    I know Horde in particular will behave differently if you connect via https:// vs. http://. I'm not sure if it will work, but have you tried connecting via https://Domain.com:2096 to Horde and see if Horde still breaks?
     
  3. kmpanilla

    kmpanilla Member

    Joined:
    Oct 24, 2003
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    I'm not referring to https:// vs http://, but the actual IMAP/POP session the webmail client makes to the server. Using imap/ssl or imaps instead of just plain imap. Or making sure TLS is accepted/required.
     
  4. tvcnet

    tvcnet Well-Known Member
    PartnerNOC

    Joined:
    Aug 15, 2003
    Messages:
    116
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    San Diego
    cPanel Access Level:
    DataCenter Provider
    Hi.
    I'm very curious on this as well.
    Anyone have a solution to this in order to better improve cPanel security?

    Thanks,
    Jim
    TVC.Net
     
  5. kmpanilla

    kmpanilla Member

    Joined:
    Oct 24, 2003
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    I was able to hack the webmail applications to connect via imaps to my server hostname, instead of localhost using imap. This appeared to fix the issues with webmail apps breaking after disabling plaintext logins. Unfortunately, this will require me to patch the apps everytime I upgrade cPanel so as to not break them again. What a pain.
     
  6. p1mp

    p1mp Registered

    Joined:
    Apr 10, 2008
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    kmpanilla,

    I am in the same situation can you let us know the process of working up a fix for the web applications?
     
  7. kmpanilla

    kmpanilla Member

    Joined:
    Oct 24, 2003
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    Attached are the patches I used to have webmail clients set to SSL connections. Of course you have to apply them each time after an upgrade.
     

    Attached Files:

Loading...

Share This Page