Jump to content

Entourage and IMAP with SSL

Recommended Posts

I am using Entourage 2004 and OSX.

I'm use to using pop and have converted to imap and its working great except I'm not sure if SSL is working properly.

Under advanced options - "This IMAP service reqires a secure connection (SSL)" is checked - and IMAP connections work.

But, if I check "Always use secure password" I get an error:

"Authentication failed because Entourage doesn't support any of the available authentication methods. Error: -17897"

The only other setting is "Override default IMAP port:" and I can define a port besides 993.

I read the faq about eudora and ssl. I have added the Equifax root certificate using the certificate manager but still get the error when secure password is checked.

Link to comment
Share on other sites

Did a little reading.

"Always use secure password" translated out of microsoft lingo means - use secure password authentication (SPA) which is a buzzword for SSPI authentication framework. SSPI includes a bunch of different mechanisms - kerberos, NTLM, etc All of which should work, but apparently only NTLM works properly with entourage, outlook, etc.

So, does the spamcop imap server support NTLM, or SPA at all?

My understaning is that without SPA you are vulnerable to man in the middle attacks?



Link to comment
Share on other sites

I'm going to plead total ignorance here, but noting that there's yet to be any other answer. I've yet to find your reference to a "Eudora and SSL" FAQ ... and the closest thing I can find that seems to mention a secure connection is one of JeffG's Pinned items at http://forum.spamcop.net/forums/index.php?showtopic=152 which only mentions the webmail login location as either http: or https: ... I see nothing noted about the IMAP server having a similar hook-up.

I have kicked a question JT so there's an answer somewhere ...

Link to comment
Share on other sites

Ok, this back from JT;

We support SSL but not secure passwords at this time. But, if the user uses SSL then their password will be encrypted even if it's supposedly "plain".  The SSL covers the entire session and encrypts all the data, even the password.


Hope this helps.

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...