Using stunnel you have to use the -T option:

     -T  transparent proxy mode

            Re-write address to appear as if wrapped daemon is
            connecting from the SSL client machine instead of the
            machine running stunnel. Available only on some
            operating systems (Linux only, we believe) and then
            only in server mode. Note that this option will not
            combine with proxy mode (-r) unless the client's
            default route to the target machine lies through the
            host running stunnel, which cannot be localhost.

This is what I use on my raq4i:

/usr/local/sbin/stunnel -T -d simap -l /usr/sbin/imapd -p /etc/stunnel.pem
/usr/local/sbin/stunnel -T -d spop3 -l /usr/sbin/in.qpopper -p /etc/stunnel.pem


- Eric


>>I still have to resolve pop-before-smtp which does not work with spop3.
> 
> 
> I think that you will have to use pop/imap server with native
> SSL to use pop before smtp.  Stunnel proxies incoming
> connections to the pop/imap server so that the latter think
> that the connection comes from localhost (or over stdin,
> depending on stunnel setup).  In either way, pop/imap
> daemon has no way to tell the real client's IP address
> and therefore pop-before-smtp cannot work.
> 
> Building UW imapd with SSL support on a RaQ is pretty
> straightforward.  In any case easier than building sendmail
> with SMTP AUTH and SSL which is the alternative ;-)
> 
> Eugene
> 
> _______________________________________________
> cobalt-security mailing list
> [EMAIL PROTECTED]
> http://list.cobalt.com/mailman/listinfo/cobalt-security
> 
> 
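
The effect Eugene describes, as an added example that is not part of the original thread: a plain TCP relay (standing in for stunnel run without -T, no TLS involved) opens its own connection to the daemon, so the daemon sees the relay host's address instead of the client's. The function names and the 127.0.0.2 client address are assumptions; binding to it relies on Linux loopback accepting any 127.0.0.0/8 source address.

```python
import socket
import threading

def listen(addr="127.0.0.1"):
    """Open a listening TCP socket on a kernel-chosen free port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((addr, 0))
    s.listen(1)
    return s

def serve_once(listener, handler):
    """Accept one connection in a background thread and hand it to handler."""
    def run():
        conn, peer = listener.accept()
        with conn:
            handler(conn, peer)
    t = threading.Thread(target=run, daemon=True)
    t.start()
    return t

def peer_seen_by_daemon(client_ip="127.0.0.2"):
    """Return (peer IP seen by the relay, peer IP seen by the daemon)."""
    seen = {}
    daemon = listen()                     # stands in for the POP/IMAP daemon

    def daemon_handler(conn, peer):
        seen["daemon"] = peer[0]          # the address a POP daemon would log
        conn.sendall(b"+OK\r\n")
    t1 = serve_once(daemon, daemon_handler)

    relay = listen()                      # stands in for stunnel without -T

    def relay_handler(conn, peer):
        seen["relay"] = peer[0]           # the real client address stops here
        # New outbound connection: its source is the relay host's own address.
        with socket.create_connection(daemon.getsockname(), timeout=5) as up:
            conn.sendall(up.recv(64))
    t2 = serve_once(relay, relay_handler)

    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as c:
        c.settimeout(5)
        c.bind((client_ip, 0))            # constructed "remote" client address
        c.connect(relay.getsockname())
        c.recv(64)                        # returns once both handlers have run
    t1.join(2)
    t2.join(2)
    daemon.close()
    relay.close()
    return seen["relay"], seen["daemon"]

if __name__ == "__main__":
    print(peer_seen_by_daemon())
```

The relay knows the client is 127.0.0.2, but the daemon only ever sees 127.0.0.1, which is the address pop-before-smtp would pick up from the daemon's log.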

