The MercuryI IMAP4rev1 server
users are not comfortable with the hierarchical username structure imposed by tree-based
user databases like NetWare NDS or Microsoft Active Directory: a user whose real-world
username is “joe.business.company” may prefer simply to log in as “joe”.
MercuryI allows you to create a file containing IMAP login aliases: a login alias is simply a
line of text that equates a login name to a real-world username. Using our “joe” user from the
paragraph above as an example, the login alias for him would look like this:
joe = joe.business.company
With this alias in place, Mercury will know that when someone attempts to log in as “joe”,
the real-world equivalent username is actually “joe.business.company”, and it will access
the proper mailbox.
MercuryI and the MercuryP POP3 server use an identical format for login alias files, and you
can specify the same file for both modules if you wish.
Note: If you use login aliases, it is your responsibility to ensure that any name clashes within
your system are properly resolved. MercuryI will use the first entry it finds in the alias file
that matches the login name, and will not make any attempt to recognize or resolve ambiguities.
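Because the first matching entry wins and clashes are not reported, a later duplicate silently never takes effect. The following audit script is an added example, not part of the Mercury manual or the Mercury distribution; the sample entries other than the “joe” line are constructed, and the case-insensitive default and the skipping of malformed lines are assumptions.

```python
"""Audit a Mercury-style login alias file for entries shadowed by an earlier match."""

# Constructed sample; only the first line appears in the manual.
SAMPLE = """\
joe = joe.business.company
ann = ann.sales.company
joe = joe.research.company
Ann = ann.support.company
bob = bob.business.company
"""


def parse_aliases(text):
    """Yield (line_no, login, real_name) for each 'login = real_name' line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        login, sep, real = raw.partition("=")
        login, real = login.strip(), real.strip()
        # Assumption: lines without '=' or with an empty side are ignored.
        if sep and login and real:
            yield line_no, login, real


def audit(text, case_sensitive=False):
    """Apply first-match-wins and report every later entry that can never match.

    Returns (effective, shadowed):
      effective: login key -> (line_no, real_name) of the entry the server would use
      shadowed:  [(line_no, login, real_name, winning_line)] for ignored entries
    """
    effective, shadowed = {}, []
    for line_no, login, real in parse_aliases(text):
        # Assumption: the manual does not say whether matching is case-sensitive,
        # so the stricter case-insensitive comparison is the default here.
        key = login if case_sensitive else login.lower()
        if key in effective:
            shadowed.append((line_no, login, real, effective[key][0]))
        else:
            effective[key] = (line_no, real)
    return effective, shadowed


if __name__ == "__main__":
    effective, shadowed = audit(SAMPLE)
    for line_no, login, real, winner in shadowed:
        used = effective[login.lower()][1]
        print(f"line {line_no}: '{login}' -> {real} is never used; "
              f"line {winner} already maps it to {used}")
```

If the same alias file is shared between MercuryI and MercuryP, a shadowed entry affects logins on both services, so run the audit whenever the file changes.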
Using SSL for secure connections
The SSL page of the MercuryI configuration dialog allows you to enable and configure support
for secure SSL-based connections. Configuring SSL is covered in the chapter Using SSL
to secure connections - please refer to that chapter for more information.
Note: MercuryI only supports SSL connections using the STARTTLS protocol defined in RFC3501.
Direct SSL connection is now deprecated on the Internet and Mercury does not support it.
The use of SSL to secure IMAP4 connections is strongly recommended, because it provides
a significant level of extra security both to the message data, and to the passwords provided
by the user across the link. MercuryP supports SSL negotiation via the STARTTLS command,
as defined in RFC2595 and RFC3501.
Extra SSL-related functionality
The MercuryP POP3 and the MercuryI IMAP servers
allow you to check a control called Disable plaintext logins for non-SSL connections: if this
control is checked, these servers will not allow people to log in unless they first establish an
SSL connection. The conventional wisdom on the Internet is that you should always enable
this kind of refusal for unsecured logins, but this may be impractical if you have some users
running mail clients that do not support SSL. We recommend strongly that you enable this
option if you can do so practically. Note that even if this control is enabled, it can be overridden
on a case-by-case basis using connection control Allow entries (see above).