Allright, my previous post reminded me of this issue that I've been meaning to try to resolve: I'd like to get secure POP3 working on my system, so that I don't have to have port 110 open to the world and have my username and password floating around the internet in clear text every time I check my home e-mail.
I'm using Caldera eWorkstation 3.1, kernel 2.4.9. After installing the stunnel RPM (from the 3.1 server SRPM), I seem to have managed to enable pop3s on my system well enough (except for it not working :-( ). I've added pop3s stream tcp nowait root /usr/sbin/stunnel -l /usr/sbin/ipop3d -- ipop3d to my /etc/inet.d/imap file. netstat -a reports that the server is listening to the pop3s port, which, according to /etc/services, is port 995. My router is reporting that port 995 gets forwarded to my server. I have created a stunnel.pem certificate in the directory /etc/ssl/certs/ using 'openssl req -new -x509 -days 365 -nodes -out stunnel.pem -keyout stunnel.pem' stunnel -V reports that the pemfile should be /etc/ssl/certs/stunnel.pem, which it is. Unfortunately, after configuring my e-mail clients (Mozilla and MS Outlook -- I know, it's just for testing purposes since I don't actually know that Moz REALLY supports SSL) to use SSL, they can't connect. Should the cert file really be called pop3s.pem or something? There are .pem files in /etc/ssl/certs called 'simap.pem' and 'spop3.pem' which I can only assume were put there when I installed the stunnel rpm (the date and time of the files would indicate that and I certainly didn't manually put them there. The directory used for client authentication is /etc/ssl/pop+imap-clients/, but AFAICT, stunnel is configured with verification level "no verify", so I understand that to mean that no client verification certs are required. What am I missing? How is this supposed to work? Thanks, Tim _______________________________________________ Linux-users mailing list - http://linux-sxs.org/mailman/listinfo/linux-users Subscribe/Unsubscribe info, Archives,and Digests are located at the above URL.
