sublime Posted May 25, 2004 Share Posted May 25, 2004 I am using Entourage 2004 and OSX. I'm use to using pop and have converted to imap and its working great except I'm not sure if SSL is working properly. Under advanced options - "This IMAP service reqires a secure connection (SSL)" is checked - and IMAP connections work. But, if I check "Always use secure password" I get an error: "Authentication failed because Entourage doesn't support any of the available authentication methods. Error: -17897" The only other setting is "Override default IMAP port:" and I can define a port besides 993. I read the faq about eudora and ssl. I have added the Equifax root certificate using the certificate manager but still get the error when secure password is checked. Link to comment Share on other sites More sharing options...
sublime Posted May 26, 2004 Author Share Posted May 26, 2004 Did a little reading. "Always use secure password" translated out of microsoft lingo means - use secure password authentication (SPA) which is a buzzword for SSPI authentication framework. SSPI includes a bunch of different mechanisms - kerberos, NTLM, etc All of which should work, but apparently only NTLM works properly with entourage, outlook, etc. So, does the spamcop imap server support NTLM, or SPA at all? My understaning is that without SPA you are vulnerable to man in the middle attacks? thanks -chris Link to comment Share on other sites More sharing options...
Wazoo Posted May 27, 2004 Share Posted May 27, 2004 I'm going to plead total ignorance here, but noting that there's yet to be any other answer. I've yet to find your reference to a "Eudora and SSL" FAQ ... and the closest thing I can find that seems to mention a secure connection is one of JeffG's Pinned items at http://forum.spamcop.net/forums/index.php?showtopic=152 which only mentions the webmail login location as either http: or https: ... I see nothing noted about the IMAP server having a similar hook-up. I have kicked a question JT so there's an answer somewhere ... Link to comment Share on other sites More sharing options...
Wazoo Posted May 27, 2004 Share Posted May 27, 2004 Ok, this back from JT; We support SSL but not secure passwords at this time. But, if the user uses SSL then their password will be encrypted even if it's supposedly "plain". The SSL covers the entire session and encrypts all the data, even the password. Jeff Hope this helps. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.