Gentoo Forums
POP3/SSL
nitro322
Guru


Joined: 24 Jul 2002
Posts: 594
Location: USA

Posted: Sun Jan 26, 2003 7:15 pm    Post subject: POP3/SSL

I'd like to run a pop3s server, which is simply pop3 through ssl. I've installed uw-imap on my mail server since it includes both imap and pop3 servers. 'qpkg -l uw-imap' shows that it installed xinetd init scripts for imap, imaps, ipop2, and ipop3, and it also shows that it installed ssl certificates for both imapd and pop3d (/usr/ssl/certs/imapd.pem and /usr/ssl/certs/ipop3d.pem).

Now, my problem is that I cannot figure out any way to start ipop3d in ssl mode. I can run imapd with ssl support by simply running /etc/xinetd.d/imaps, but there is no equivalent ipop3s, only ipop3. Any suggestions on how to do this? I've tried modifying /etc/xinetd.d/ipop3 to start in ssl mode, but haven't had any luck. The only time I've set this up in the past was on a RedHat box, and I'm pretty sure it included an ipop3s script. Am I missing something, or just overlooking it? Anyone else have this working? Thanks.
humpback
Retired Dev


Joined: 19 Oct 2002
Posts: 394
Location: Coimbra - Portugal

Posted: Mon Jan 27, 2003 5:53 am    Post subject:

First emerge -p stunnel and install it if you don't have it.

Then create a /etc/xinetd.d/pop3s file with:
Code:
# description: The POP3S service allows remote users to access their mail
#              using a POP3 client with SSL support such as fetchmail.
service pop3s
{
      disable            = no
      socket_type        = stream
      wait               = no
      user               = root
      server             = /usr/sbin/stunnel
      server_args        = -p /usr/ssl/certs/mail.felisberto.net.pem -l /usr/sbin/ipop3d -- ipop3d
      log_on_success     += USERID
      log_on_failure     += USERID
}


Change /usr/ssl/certs/mail.felisberto.net.pem to your certificate...

Restart xinetd and try it :) pop3s works by default on port 995.
_________________
Gustavo Felisberto
Humpback @ #gentoo-pt
------------
It's most certainly GNU/Linux, not Linux. Read more at
http://www.gnu.org/gnu/why-gnu-linux.html .
-------------
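
An added example, not part of the post above and not code from the xinetd or stunnel projects: the file passed to stunnel with -p holds the server's private key along with the certificate, so this audit parses an xinetd service file, finds that PEM, and reports it when it is missing or accessible to group or other. The sample entry, its PEM path and the function names are constructed for illustration.

```python
import os
import re
import shlex
import stat

# Constructed sample modelled on the pop3s entry in the thread; the PEM path is a placeholder.
SAMPLE = """\
service pop3s
{
      server             = /usr/sbin/stunnel
      server_args        = -p /usr/ssl/certs/example.pem -l /usr/sbin/ipop3d -- ipop3d
      log_on_success     += USERID
}
"""

def parse_xinetd(text):
    """Parse xinetd service blocks into {service: {attribute: value}}."""
    services, name = {}, None
    for line in map(str.strip, text.splitlines()):
        head = re.match(r"service\s+(\S+)$", line)
        attr = re.match(r"(\w+)\s*[+-]?=\s*(.*)$", line)
        if head and name is None:
            name = head.group(1)
            services[name] = {}
        elif line == "}":
            name = None
        elif attr and name is not None:
            services[name][attr.group(1)] = attr.group(2).strip()
    return services

def stunnel_pem(attrs):
    """Return the PEM path passed to stunnel with -p, or None."""
    if os.path.basename(attrs.get("server", "")) != "stunnel":
        return None
    args = shlex.split(attrs.get("server_args", ""))
    if "--" in args:  # arguments after -- belong to the wrapped daemon
        args = args[:args.index("--")]
    return args[args.index("-p") + 1] if "-p" in args[:-1] else None

def audit(text):
    """Return (service, pem, problem) for PEM files that are missing or too open."""
    findings = []
    for svc, attrs in parse_xinetd(text).items():
        pem = stunnel_pem(attrs)
        if pem and not os.path.exists(pem):
            findings.append((svc, pem, "missing"))
        elif pem and stat.S_IMODE(os.stat(pem).st_mode) & 0o077:
            findings.append((svc, pem, "readable or writable by group/other"))
    return findings
```

Call audit() on the contents of each file under /etc/xinetd.d; an empty list means every stunnel PEM it found exists and is restricted to its owner.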
nitro322
Guru


Joined: 24 Jul 2002
Posts: 594
Location: USA

Posted: Wed Jan 29, 2003 5:38 am    Post subject:

I don't have an account to test it at this time, but so far it looks like it's working great. Thanks for the input. I've never used stunnel before. What exactly does that do?
humpback
Retired Dev


Joined: 19 Oct 2002
Posts: 394
Location: Coimbra - Portugal

Posted: Wed Jan 29, 2003 1:09 pm    Post subject:

From the man page :)
Quote:

The stunnel program is designed to work as SSL encryption wrapper
between remote clients and local (inetd-startable) or remote servers.
The concept is that having non-SSL aware daemons running on your system
you can easily set them up to communicate with clients over secure SSL
channels.

stunnel can be used to add SSL functionality to commonly used inetd
daemons like POP-2, POP-3, and IMAP servers, to standalone daemons like
NNTP, SMTP and HTTP, and in tunneling PPP over network sockets without
changes to the source code.

This product includes cryptographic software written by Eric Young
(eay@cryptsoft.com)

nitro322
Guru


Joined: 24 Jul 2002
Posts: 594
Location: USA

Posted: Thu Jan 30, 2003 2:50 am    Post subject:

Ahh, very nice. Sorry, didn't think to look at the man page - I'm used to them more as a reference than an intro. That program actually looks pretty darn cool, though. I'm going to have to play around with it some more. Thanks again for the tip.
All times are GMT