Jump to content
Sign in to follow this  
sublime

Entourage and IMAP with SSL

Recommended Posts

I am using Entourage 2004 and OSX.

I'm use to using pop and have converted to imap and its working great except I'm not sure if SSL is working properly.

Under advanced options - "This IMAP service reqires a secure connection (SSL)" is checked - and IMAP connections work.

But, if I check "Always use secure password" I get an error:

"Authentication failed because Entourage doesn't support any of the available authentication methods. Error: -17897"

The only other setting is "Override default IMAP port:" and I can define a port besides 993.

I read the faq about eudora and ssl. I have added the Equifax root certificate using the certificate manager but still get the error when secure password is checked.

Share this post


Link to post
Share on other sites

Did a little reading.

"Always use secure password" translated out of microsoft lingo means - use secure password authentication (SPA) which is a buzzword for SSPI authentication framework. SSPI includes a bunch of different mechanisms - kerberos, NTLM, etc All of which should work, but apparently only NTLM works properly with entourage, outlook, etc.

So, does the spamcop imap server support NTLM, or SPA at all?

My understaning is that without SPA you are vulnerable to man in the middle attacks?

thanks

-chris

Share this post


Link to post
Share on other sites

I'm going to plead total ignorance here, but noting that there's yet to be any other answer. I've yet to find your reference to a "Eudora and SSL" FAQ ... and the closest thing I can find that seems to mention a secure connection is one of JeffG's Pinned items at http://forum.spamcop.net/forums/index.php?showtopic=152 which only mentions the webmail login location as either http: or https: ... I see nothing noted about the IMAP server having a similar hook-up.

I have kicked a question JT so there's an answer somewhere ...

Share this post


Link to post
Share on other sites

Ok, this back from JT;

We support SSL but not secure passwords at this time. But, if the user uses SSL then their password will be encrypted even if it's supposedly "plain".  The SSL covers the entire session and encrypts all the data, even the password.

Jeff

Hope this helps.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×