1 |
robbat2 11/12/04 01:42:12 |
2 |
|
3 |
Modified: dev-email.xml |
4 |
Log: |
5 |
Update instructions to describe STARTTLS vs. the *S versions of POP3/IMAP, and also how to use either of them with suggestions for when. |
6 |
|
7 |
Revision Changes Path |
8 |
1.42 xml/htdocs/proj/en/infrastructure/dev-email.xml |
9 |
|
10 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/infrastructure/dev-email.xml?rev=1.42&view=markup |
11 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/infrastructure/dev-email.xml?rev=1.42&content-type=text/plain |
12 |
diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/infrastructure/dev-email.xml?r1=1.41&r2=1.42 |
13 |
|
14 |
Index: dev-email.xml |
15 |
=================================================================== |
16 |
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/dev-email.xml,v |
17 |
retrieving revision 1.41 |
18 |
retrieving revision 1.42 |
19 |
diff -p -w -b -B -u -u -r1.41 -r1.42 |
20 |
--- dev-email.xml 3 Dec 2011 16:21:21 -0000 1.41 |
21 |
+++ dev-email.xml 4 Dec 2011 01:42:12 -0000 1.42 |
22 |
@@ -148,19 +148,27 @@ on dev.gentoo.org using <c>passwd</c>.</ |
23 |
As of 2009/06/29, we use CACert as the Certificate Authority for all of the |
24 |
following SSL certificates. |
25 |
</note> |
26 |
+<note> |
27 |
+Prior to 2011/12/, Gentoo Infrastructure only supported the pure SSL variants |
28 |
+of the protocols, which provided a complete SSL wrapper around the POP3 or IMAP |
29 |
+protocols. While POP3S and IMAPS is still supported, we encourage users to |
30 |
+migrate to using STARTTLS instead, as it is easier to debug by being able to |
31 |
+see the initial plaintext on tcpdump. Users behind aggressive firewalls that |
32 |
+conduct deep-packet inspection to block based on plaintext headers should still |
33 |
+use the pure SSL variants. |
34 |
+</note> |
35 |
</body> |
36 |
</section> |
37 |
<section> |
38 |
-<title>Accessing dev.gentoo.org using POP3S</title> |
39 |
+<title>Accessing dev.gentoo.org using POP3 & STARTTLS or POP3S</title> |
40 |
<body> |
41 |
<p> |
42 |
-POP3S is the secure variant of POP3, the Post Office Protocol version 3. |
43 |
POP3 is a pull-protocol, meaning that e-mails are pulled from the server |
44 |
to your local disk. |
45 |
</p> |
46 |
<p> |
47 |
-To set up your favorite e-mail client for POP3S, use the following |
48 |
-settings: |
49 |
+To set up your favorite e-mail client for POP3 & STARTTLS or POP3S, use the |
50 |
+following settings: |
51 |
</p> |
52 |
<ul> |
53 |
<li><e>POP3 server</e>: dev.gentoo.org</li> |
54 |
@@ -180,11 +188,15 @@ your <path>.fetchmailrc</path> should re |
55 |
poll dev.gentoo.org proto pop3 |
56 |
user <i>username</i> |
57 |
pass <i>password</i> |
58 |
- nokeep ssl sslcertck |
59 |
+ nokeep sslcertck |
60 |
sslfingerprint "34:D0:1D:0D:08:0A:39:D1:A7:46:E4:E9:4F:33:FF:58" |
61 |
sslcertfile /usr/share/ca-certificates/cacert.org/cacert.org.crt |
62 |
sslproto TLS1 |
63 |
</pre> |
64 |
+<note> |
65 |
+The above will have fetchmail using POP3 with STARTTLS. If you need POP3S |
66 |
+instead, add the keyword <c>ssl</c> before the <c>sslcertck</c> keyword. |
67 |
+</note> |
68 |
<p> |
69 |
If you are using <c>sylpheed</c> for your e-mails, create a new account |
70 |
and make sure that the <e>Receive</e> tab uses POP3 and the <e>SSL</e> |
71 |
@@ -202,16 +214,15 @@ SHA256 = F2:7E:E0:B7:D4:CE:43:6A:BF:42:1 |
72 |
</body> |
73 |
</section> |
74 |
<section> |
75 |
-<title>Accessing dev.gentoo.org using IMAPS</title> |
76 |
+<title>Accessing dev.gentoo.org using IMAP & STARTTLS or IMAPS</title> |
77 |
<body> |
78 |
<p> |
79 |
-IMAPS is the secure variant of IMAP, the Internet Message Access Protocol |
80 |
-version 4. IMAP is a push-protocol, meaning that e-mails stay on the |
81 |
-remote server and you can manage seperate mailboxes on that server. |
82 |
+IMAP is a push-protocol, meaning that e-mails stay on the remote server and you |
83 |
+can manage seperate mailboxes on that server. |
84 |
</p> |
85 |
<p> |
86 |
-To set up your favorite e-mail client for IMAPS, use the following |
87 |
-settings: |
88 |
+To set up your favorite e-mail client for IMAP & STARTTLS or IMAPS, use the |
89 |
+following settings: |
90 |
</p> |
91 |
<ul> |
92 |
<li><e>IMAP server</e>: dev.gentoo.org</li> |
93 |
@@ -236,11 +247,15 @@ your <path>.fetchmailrc</path> should re |
94 |
poll dev.gentoo.org proto imap |
95 |
user <i>username</i> |
96 |
pass <i>password</i> |
97 |
- nokeep ssl sslcertck |
98 |
+ nokeep sslcertck |
99 |
sslfingerprint "34:D0:1D:0D:08:0A:39:D1:A7:46:E4:E9:4F:33:FF:58" |
100 |
sslcertfile /usr/share/ca-certificates/cacert.org/cacert.org.crt |
101 |
sslproto TLS1 |
102 |
</pre> |
103 |
+<note> |
104 |
+The above will have fetchmail using IMAP with STARTTLS. If you need IMAPS |
105 |
+instead, add the keyword <c>ssl</c> before the <c>sslcertck</c> keyword. |
106 |
+</note> |
107 |
<p> |
108 |
If you are using <c>mutt</c>, you're smart enough to figure this one out |
109 |
yourself. |