Re: IMAP with SSL ports

From: Ben Rosengart (br+postfixpanix.com)
Date: Mon May 03 2004 - 15:59:45 CDT


On Mon, May 03, 2004 at 03:45:34PM -0500, Tom Warfield wrote:
> Anyone know what ports my firewall needs to have open for IMAP using the
> "this server requires a SSL connection" option.

There are two modes: SSL-wrapped IMAP (also known as IMAPS) on port
993, and IMAP with integrated SSL through the STARTTLS option on the
ordinary IMAP port.
 
> Looking in Outlook it shows the ports as SMTP at 25 and IMAP at 993. Okay I
> know that IMAP is normally at port 143 unless you are using the SSL option.
> But how is SMTP going to deal with the SSL requirement? I thought that the
> port 25 would be dealt with by only postfix, and if that is true then I
> guess Postfix is going to setup the SSL tunnel between the client and the
> email server.

Again, two modes: SMTPS on port 465, and STARTTLS on port 25.

Capable IMAP and ESMTP servers advertise STARTTLS; it is then up
to the client to request it.

  % telnet mail 143
  Trying 166.84.1.78...
  Connected to mailspool.panix.com.
  Escape character is '^]'.
  * OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE
  THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE STARTTLS]
  Courier-IMAP ready. Copyright 1998-2003 Double Precision, Inc. See
  COPYING for distribution information.

  % telnet mail 25
  Trying 166.84.1.79...
  Connected to mailspool.panix.com.
  Escape character is '^]'.
  220 mailspool2.panix.com ESMTP Postfix
  ehlo foo
  250-mailspool2.panix.com
  250-PIPELINING
  250-SIZE 27525120
  250-VRFY
  250-ETRN
  250-STARTTLS
  250-AUTH PLAIN LOGIN
  250-XVERP
  250 8BITMIME

> My goal is to have all email between the client and the machines encrypted.
> Including their passwords/usernames as well. Is doing IMAP-SSL going to
> accomplish this???

Yes.
 
> Also are there any other ports besides 25 and 993 that I need the email
> server to have open... something I'm missing here?

It depends whether you go with the wrapped modes or the integrated
modes. I personally prefer the integrated modes, although Panix
supports both types where applicable. (POP3 lacks a widely-implemented
STARTTLS option.)

--
Ben Rosengart (212) 741-4400 x215
 To accuse others for one's own misfortunes is a sign of want of education.
 To accuse oneself shows that one's education has begun. To accuse neither
  oneself nor others shows that one's education is complete. -- Epictetus
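The two modes described in the reply above can be checked from the defender's side. The following Python script is an added example, not part of the original message or of Panix's setup: the parsers run offline on the banner text from the telnet transcript quoted in the post, while the probe_* functions (which need a reachable host, assumed to be given by the caller, and Python 3.9+ for imaplib's timeout parameter) connect on the plain port, confirm that STARTTLS is advertised and perform the upgrade with certificate verification, or open a wrapped IMAPS/SMTPS connection on 993/465.

```python
"""Tell the two TLS modes for mail apart and check which one a server offers.

Added example, not from the original post. The parsers work offline on the
transcript text; the probe_* functions need a reachable host (assumption:
supplied by the caller) and Python 3.9+.
"""
import imaplib
import re
import smtplib
import socket
import ssl

# Port conventions from the post: "wrapped" is SSL from the first byte
# (IMAPS / SMTPS), "starttls" is plaintext upgraded on the ordinary port.
PORTS = {
    ("imap", "wrapped"): 993,
    ("imap", "starttls"): 143,
    ("smtp", "wrapped"): 465,
    ("smtp", "starttls"): 25,
}

# Server banners as they appear in the post's telnet transcript.
SAMPLE_IMAP_GREETING = (
    "* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE\n"
    "THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE STARTTLS]\n"
    "Courier-IMAP ready. Copyright 1998-2003 Double Precision, Inc. See\n"
    "COPYING for distribution information.\n"
)
SAMPLE_EHLO_REPLY = (
    "250-mailspool2.panix.com\n"
    "250-PIPELINING\n"
    "250-SIZE 27525120\n"
    "250-VRFY\n"
    "250-ETRN\n"
    "250-STARTTLS\n"
    "250-AUTH PLAIN LOGIN\n"
    "250-XVERP\n"
    "250 8BITMIME\n"
)


def required_ports(mode: str) -> set:
    """Inbound ports a firewall must allow for IMAP plus SMTP in one mode."""
    if mode not in ("wrapped", "starttls"):
        raise ValueError("mode must be 'wrapped' or 'starttls'")
    return {port for (_proto, m), port in PORTS.items() if m == mode}


def imap_capabilities(greeting: str) -> set:
    """Extract the CAPABILITY list from an IMAP greeting.

    The terminal wraps the banner over several lines, so whitespace is
    collapsed before the bracketed list is matched.
    """
    text = " ".join(greeting.split())
    match = re.search(r"\[CAPABILITY ([^\]]*)\]", text)
    return set(match.group(1).upper().split()) if match else set()


def smtp_extensions(ehlo_reply: str) -> set:
    """Extract the ESMTP keywords from a multi-line 250 reply to EHLO.

    The first 250 line carries the server's domain, not an extension, so it
    is skipped; later lines are '250-KEYWORD [params]' or '250 KEYWORD'.
    """
    lines = [ln.strip() for ln in ehlo_reply.splitlines() if ln.strip()[:3] == "250"]
    exts = set()
    for line in lines[1:]:
        match = re.match(r"250[- ](\S+)", line)
        if match:
            exts.add(match.group(1).upper())
    return exts


def imap_advertises_starttls(greeting: str) -> bool:
    return "STARTTLS" in imap_capabilities(greeting)


def smtp_advertises_starttls(ehlo_reply: str) -> bool:
    return "STARTTLS" in smtp_extensions(ehlo_reply)


def probe_imap_starttls(host: str, port: int = 143, timeout: float = 10.0) -> bool:
    """Connect in the clear on the IMAP port and upgrade with STARTTLS.

    True only if STARTTLS was advertised and the handshake completed with
    the server certificate verified against the system trust store.
    """
    conn = imaplib.IMAP4(host, port, timeout=timeout)
    try:
        if "STARTTLS" not in conn.capabilities:  # imaplib uppercases these
            return False
        conn.starttls(ssl_context=ssl.create_default_context())
        return True
    finally:
        conn.logout()


def probe_smtp_starttls(host: str, port: int = 25, timeout: float = 10.0) -> bool:
    """Same check for ESMTP: EHLO, look for STARTTLS, then upgrade."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return False
        smtp.starttls(context=ssl.create_default_context())
        smtp.ehlo()  # the extension list must be re-read after the upgrade
        return True


def probe_wrapped(host: str, port: int, timeout: float = 10.0) -> str:
    """Open a wrapped (IMAPS/SMTPS) connection and return the TLS version."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version()
```

Run it against your own server with, for example, probe_imap_starttls("mail.example.test") and probe_wrapped("mail.example.test", 993). The probes fail closed on an untrusted certificate, which is the behaviour you want from mail clients as well: with the integrated modes the connection starts in plaintext, so the client must be configured to require TLS rather than merely use it when offered, otherwise a missing or stripped STARTTLS advertisement silently leaves the login in the clear.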