Page 85 - Mercury Manual.book
P. 85
The MercuryP POP3 Server Module 80
Using SSL for secure connections
POP3 Login name aliasing
There may be occasions where you want a user to be able to login via POP3 using a username
that differs from his or her “real world” username on your network. As an example, many
users are not comfortable with the hierarchical username structure imposed by tree-based
user databases like NetWare NDS or Microsoft ActiveDirectory: a user whose real-world
username is “joe.business.company” may prefer simply to login as “joe”.
MercuryP allows you to create a file containing POP3 login aliases: a login alias is simply a
line of text that equates a login name to a real world username. Using our “joe” user from the
paragraph above as an example, the login alias for him would look like this:
joe = joe.business.company
With this alias in place, Mercury will know that when someone attempts to login as “joe”,
that the real-world equivalent username is actually “joe.business.company” and will access
the proper mailbox.
MercuryP and the MercuryI IMAP4 server use an identical format for login alias files, and
you can specify the same file for both modules if you wish.
Note: If you use POP3 login aliases, it is your responsibility to ensure that any name clashes
within your system are properly-resolved. MercuryP will use the first entry it finds in the alias
file that matches the login name, and will not make any attempt to recognize or resolve am-
biguities.
Using SSL for secure connections
The SSL page of the MercuryP configuration dialog allows you to enable and configure sup-
port for secure SSL-based connections. Configuring SSL is generally covered in the chapter
Using SSL to secure connections - please refer to that chapter for more information.
The use of SSL to secure POP3 connections is strongly recommended, because it provides a
significant level of extra security both to the message data, and to the passwords provided by
the user across the link. MercuryP supports SSL negotiation via the STLS command, as de-
fined in RFC2595.
Extra SSL-related functionality The MercuryP POP3 and the MercuryI IMAP server server
allow you to check a control called Disable plaintext logins for non-SSL connections: if this
control is checked, these servers will not allow people to login unless they first establish an
SSL connection. The conventional wisdom on the Internet is that you should always enable
this kind of refusal for unsecured logins, but this may be impractical if you have some users
running mail clients that do not support SSL. We recommend strongly that you enable this
option if you can do so practically. Note that even if this control is enabled, it can be overrid-
den on a case-by-case basis using connection control Allow entries (see above).
Login-time listing constraints
One of the most powerful features offerred by the MercuryP POP3 server allows you to tailor
the list of messages it will present to you by attaching certain mailbox display constraints to
your POP3 login name. The general syntax of these options is as follows
username (<option1>[,<option2>...])
