**********************************************
IMAP AND SMTP AUTHENTICATION WITH SQUIRRELMAIL
-Preliminary documentation - 6 Dec 2002
-Chris Hilts chilts@birdbrained.org
+$Id$
+Chris Hilts tassium@squirrelmail.org
**********************************************
Prior to SquirrelMail 1.3.3, only plaintext logins for IMAP and SMTP were
Unless the administrator changes the authentication methods, SquirrelMail
will default to the "classic" plaintext methods, without TLS.
+Note: There is no point in using TLS if your IMAP server is localhost. You need
+root to sniff the loopback interface, and if you don't trust root, or an attacker
+already has root, the game is over. You've got a lot more to worry about beyond
+having the loopback interface sniffed.
+
REQUIREMENTS
------------
TLS
* SquirrelMail 1.3.3 or higher
-* PHP 4.3.0 or higher
+* PHP 4.3.0 or higher (Check Release Notes for PHP 4.3.x information)
* The "STARTTLS" command is NOT supported. The server you wish to use TLS
on must have a dedicated port listening for TLS connections. (ie. port
993 for IMAP, 465 for SMTP)
All configuration is done using conf.pl, under main menu option #2.
+conf.pl can now attempt to detect which mechanisms your servers support.
+You must have set the host and port before attempting to detect, or you
+may get inaccurate results, or a long wait while the connection times out.
+
+If you get results that you know are wrong when you use auto-detection, I
+need to know about it. Please send me the results you got, the results you
+expected, and server type, name, and version (eg. "imap, Cyrus, v2.1.9").
+
KNOWN ISSUES
------------
QUIT
[server says bye, closes connection]
+
+OPTIONAL SMTP AUTH CONFIGURATION
+--------------------------------
+
+If you need all users to send mail via an upstream SMTP provider
+(your ISP, for example), and that ISP requires authentication,
+there are two variables that can be added to config_local.php
+that will specify a sitewide SMTP username and password.
+
+Set up SMTP authentication to the remote server according to the
+instructions above, then add the following to config_local.php,
+replacing <smtp_user> and <smtp_pass> with the username and password
+you'd like to use for the entire site:
+
+ $smtp_sitewide_user = '<smtp_user>';
+ $smtp_sitewide_pass = '<smtp_pass>';
+
+These values will be used to connect to the SMTP server as long
+as the authentication mechanism is something besides 'none', i.e.
+'login','plain','cram-md5', or 'digest-md5'.
+
+
[End]