SOGo - BTS - SOGo
View Issue Details
0000460SOGoBackend Mailpublic2010-02-25 21:432010-08-25 10:05
ayearout 
ludovic 
normalfeatureN/A
resolvedfixed 
1.2.1 
1.3.2 
0000460: Patch for IMAP SSL support
The attached patch enables a Boolean domain preference (SOGoIMAPUseSSL) to easily toggle SSL support for IMAP servers.
No tags attached.
has duplicate 0000484closed  No way to specify IMAP port 
has duplicate 0000332closed  IMAPs support 
diff sogo-imap-ssl.diff (1,381) 2010-02-25 21:43
https://sogo.nu/bugs/file_download.php?file_id=88&type=bug
Issue History
2010-02-25 21:43ayearoutNew Issue
2010-02-25 21:43ayearoutFile Added: sogo-imap-ssl.diff
2010-02-25 22:08ludovicNote Added: 0000639
2010-02-25 22:24ayearoutNote Added: 0000640
2010-02-26 17:15ayearoutNote Added: 0000642
2010-02-27 02:44tokulNote Added: 0000644
2010-02-27 17:59ayearoutNote Added: 0000645
2010-03-05 14:23wcronenNote Added: 0000665
2010-03-12 08:37ludovicRelationship addedhas duplicate 0000484
2010-03-16 16:56ludovicRelationship addedhas duplicate 0000332
2010-07-21 17:33ludovicStatusnew => assigned
2010-07-21 17:33ludovicAssigned To => ludovic
2010-07-21 17:33ludovicTarget Version => 1.3.1
2010-08-11 12:20ludovicTarget Version1.3.1 =>
2010-08-25 10:05ludovicNote Added: 0001337
2010-08-25 10:05ludovicStatusassigned => resolved
2010-08-25 10:05ludovicFixed in Version => 1.3.2
2010-08-25 10:05ludovicResolutionopen => fixed

Notes
(0000639)
ludovic   
2010-02-25 22:08   
Instead of introducing an other preference, we should know what do use based on the actual value. Right now we have:

server = foobar;

But could as well support

server = imap://foobar
server = imaps://foobar

and correctly set up SSL.
(0000640)
ayearout   
2010-02-25 22:24   
Agreed. I'd like to sit down and look at implementing proper IMAP URI support.

I personally still would need a domain preference, however. I'm pulling the IMAP hostname from LDAP, and postfix would not take kindly to the inserting of imaps:// while it's trying to figure out mail relaying.
(0000642)
ayearout   
2010-02-26 17:15   
I brainstormed about this last night, and considered possibly changing this to an "encryption type" setting to allow for things like TLS connections (similar to how LDAP connections are done). After digging around, however, I've realized that the SOPE NGStreams library doesn't support TLS connections. They get around this with LDAP by using the OpenLDAP libraries to initiate TLS.

Patching SOPE for TLS is a little beyond the time commitment I'm willing to make. Though I suppose if that were to happen, TLS support could be added for SMTP as well.

This weekend I'm hoping to poke around with IMAPS URI support.

I still personally would want this Boolean preference, but I can certainly understand if it doesn't make it into the releases.
(0000644)
tokul   
2010-02-27 02:44   
Don't confuse TLS with StartTLS. Most of current SSL clients and servers are TLS clients and servers.
(0000645)
ayearout   
2010-02-27 17:59   
Sorry about that. Was referring to StartTLS here.
(0000665)
wcronen   
2010-03-05 14:23   
I agree, there should be SSL-Support (not only StartTLS)!

stunnel doesn't do the job. It works if you don't use Sieve.
stunnel isn't able to support Sieve because Sieve doesn't support SSL (only StartTLS).

One alternative solution would be a new variable for the Sieve-Server in the GNUStep-Config. Then you could use stunnel for IMAPS with "localhost" in GNUStep-Config and the new variable with "yourserver:20000" for sieve.
(0001337)
ludovic   
2010-08-25 10:05   
Fixed in http://mtn.inverse.ca/revision/diff/398d5b0c3ce7ef971f2aa9111d0c4c5da3cba021/with/45563a5428bd14a897f31d8c32c9bec7cafb0e73 [^]