[Swlug] imap server and smartphone
Justin Mitchell
justin at discordia.org.uk
Fri Sep 23 07:31:02 UTC 2016
On Fri, 2016-09-23 at 02:53 +0100, Ben Tullis via Swlug wrote:
> 3: You could open your IMAP port to the world, but protect it
> cryptographically, then use an IMAP client on the phone
> - Use client-authenticating TLS so that you need to provide a valid
> digital certificate before you can connect to the port
> - Add your self-signed CA and client certificates to your phone
> - You can generate your own self-signed CA certificate and client
> certificate - Something like XCA can help here:
> (http://xca.sourceforge.net/)
> - You can use stunnel (https://www.stunnel.org) to be the
> authenticating proxy, so that you don't have to modify the Cyrus
> configuration much, if at all.
> - If you have an Android phone, sometimes they complain when you add
> a
> self-signed CA certificate. If it's rooted, you can get around this
> with: CADroid
> (https://play.google.com/store/apps/details?id=at.bitfire.cadroid&hl=
> en_GB)
>
If you don't fancy messing with self-signed CAs, and you have your own
domain name you're using, you can get a widely trusted certificate for
free these days quite easily.
Signup to either https://startssl.com or https://letsencrypt.org
and create a free SSL/TLS certificate for your domain name.
Then enable TLS (STARTTLS) mode on your imap server, and on your smtp
server (for sending)
More information about the Swlug
mailing list