I am using Entourage 2004 and OSX.

I'm use to using pop and have converted to imap and its working great except I'm not sure if SSL is working properly.

Under advanced options - "This IMAP service reqires a secure connection (SSL)" is checked - and IMAP connections work.

But, if I check "Always use secure password" I get an error:

"Authentication failed because Entourage doesn't support any of the available authentication methods. Error: -17897"

The only other setting is "Override default IMAP port:" and I can define a port besides 993.

I read the faq about eudora and ssl. I have added the Equifax root certificate using the certificate manager but still get the error when secure password is checked.

Did a little reading.

"Always use secure password" translated out of microsoft lingo means - use secure password authentication (SPA) which is a buzzword for SSPI authentication framework. SSPI includes a bunch of different mechanisms - kerberos, NTLM, etc All of which should work, but apparently only NTLM works properly with entourage, outlook, etc.

So, does the spamcop imap server support NTLM, or SPA at all?

My understaning is that without SPA you are vulnerable to man in the middle attacks?

thanks
-chris

I'm going to plead total ignorance here, but noting that there's yet to be any other answer. I've yet to find your reference to a "Eudora and SSL" FAQ ... and the closest thing I can find that seems to mention a secure connection is one of JeffG's Pinned items at http://forum.spamcop.net/forums/index.php?showtopic=152 which only mentions the webmail login location as either http: or https: ... I see nothing noted about the IMAP server having a similar hook-up.

I have kicked a question JT so there's an answer somewhere ...

Ok, this back from JT;



Hope this helps.