Merc4.01a: SSL troubles -> suggestion

Hi folks,
native SSL support by POP3 and IMAP4 modules in Merc 4.01a is a good
idea, but its usefulness is very limited because it supports only STLS
on 25 and 143 ports and not full SSL tunnels on port 993 and 995.
SSL tunnels are considered "obsolete" (in WinPMail help), but there are
still many clients around that support only SSL tunnels and not STLS
(like Outlook 5). We are a large academic environment and we cannot
force everyone to upgrade to the newest and greatest clients supporting
STLS or even change their clients (or even platforms for reading email).
What we did with Merc 3.32 is that we installed a separate s-tunnel
application accepting SSL connections and forwarding unencrypted connections
to Mercury running on the same machine. Mercury itself was configured
to refuse non-localhost connections.
After the upgrade to 4.01a, we had to stick to the same solution:
accept non-encrypted connections from localhost only and keep external
SSL tunnel app.
We would like to allow anyone connecting to either 993/995 via SSL
tunnel or to encrypted 25/143 with STLS. But this cannot be reached
with Merc 4.01a.
My suggestion is the following. If any of the 2 items was implemented, it
would be a big SSL-support improvement:
1) support pure SSL tunnels on ports 993 and 995 -> no need for
external SSL tunnel. Once SSL is implemented, this is an easy task.
2) to the existing 2 possible values for connection control (allow, refuse),
add a 3rd one: accept only encrypted connection (I mean "require STLS") ->
external application on localhost would handle SSL-tunnelled connections
without STLS, as it is doing now.
Thanks in advance for considering this.
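
A sketch of how the "require STLS" value from suggestion 2 could gate a POP3 session, added here as an illustration and not taken from Mercury or from the original post. The names `Policy`, `RULES`, `policy_for` and `Session`, the first-match rule order and the sample addresses are all assumptions.

```python
import ipaddress
from enum import Enum

class Policy(Enum):
    ALLOW = "allow"
    REFUSE = "refuse"
    REQUIRE_STLS = "require-stls"  # hypothetical third value from suggestion 2

# Constructed sample rules; first match wins (an assumption, not Mercury's documented behaviour).
RULES = [
    (ipaddress.ip_network("127.0.0.0/8"), Policy.ALLOW),       # local SSL tunnel app
    (ipaddress.ip_network("0.0.0.0/0"), Policy.REQUIRE_STLS),  # everyone else
]

PRE_TLS_OK = {"CAPA", "QUIT"}  # POP3 commands that carry no credentials or mail

def policy_for(peer_ip, rules=RULES):
    addr = ipaddress.ip_address(peer_ip)
    for net, policy in rules:
        if addr in net:
            return policy
    return Policy.REFUSE  # no matching rule: fail closed

class Session:
    def __init__(self, peer_ip, rules=RULES):
        self.policy = policy_for(peer_ip, rules)
        self.tls = False

    def handle(self, line):
        words = line.split()
        verb = words[0].upper() if words else ""
        if self.policy is Policy.REFUSE:
            return "-ERR connection refused"
        if verb == "STLS":
            if self.tls:
                return "-ERR TLS already active"
            self.tls = True  # a real server performs the TLS handshake here
            return "+OK begin TLS negotiation"
        if (self.policy is Policy.REQUIRE_STLS and not self.tls
                and verb not in PRE_TLS_OK):
            return "-ERR STLS required first"
        return "PASS"  # hand over to the normal POP3 command logic

if __name__ == "__main__":
    s = Session("203.0.113.7")  # constructed external client
    for cmd in ("USER alice", "CAPA", "STLS", "USER alice"):
        print(cmd, "->", s.handle(cmd))
```

With these rules the tunnel application on localhost keeps forwarding unencrypted connections, while any other peer is refused credentials until it has issued STLS.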