At 01:50 PM 1/10/02, Fernando Casas wrote: >Hi, i�m new to the list. I�m from argentina so please excuse my bad english. >I�m having trouble with TLS/SSL with the fabubous QPOPPER. Everything but >that it�s going smoothly and let me tell you QPOPPER RULEEESS. ;) >Ok, i�ll proceed with the problem description. >My compile options were: > >./configure --enable-server-mode --enable-standalone --enable-shy --enable-b >ulletins --disable-old-spool-loc --enable-home-dir-mail=Mailbox --with-opens >sl > >And my config file its tuned like this: > >set server-mode >set reverse-lookup >set fast-update >set statistics = true >set tls-support = stls >set tls-server-cert-file = /etc/mail/certs/cert.pem
You are missing a config line telling qpopper where to find your private key. May not be the only problem, but it certainly is one problem. >I�m using Outlook Express 5.5 (also tried with OUTLOOK 2K). When i try to >connect to the POP3 server, without SSL, everything gows smoothly. But when >i configure OU to use SSL on port 110, i get this msg: Well, if you're going to use OE, you have to set up a second instance of qpopper, on port 995, with set tls-support=alternate-port. You see, the folks at Microsoft haven't figured out this STARTTLS thing. Hopefully they will get around to fixing their product at some point. Until then, you have to run two separate configs of qpopper. >A secure connection to the server could not be established. Account: >'192.168.0.70', Server: '192.168.0.70', Protocol: POP3, Port: 110, >Secure(SSL): Yes, Error Number: 0x800CCC1A > >And QPOPPER write this to the logs: > >Jan 10 15:36:24 mcafee /usr/local/sbin/popper[27688]: (null) at 192.168.0.71 >(192.168.0.71): -ERR Unknown command: "\200a^A^C^A". >Jan 10 15:36:24 mcafee /usr/local/sbin/popper[27688]: (null) at 192.168.0.71 >(192.168.0.71): -ERR POP EOF or I/O Error >Jan 10 15:36:24 mcafee /usr/local/sbin/popper[27688]: I/O error flushing >output to client at 192.168.0.71 [192.168.0.71]: Operation not permitted >(1) >Jan 10 15:36:24 mcafee /usr/local/sbin/popper[27688]: I/O error flushing >output to client at 192.168.0.71 [192.168.0.71]: Operation not permitted >(1) >Jan 10 15:36:24 mcafee /usr/local/sbin/popper[27689]: (null) at 192.168.0.71 >(192.168.0.71): -ERR Unknown command: "\200b^A\200^A". >Jan 10 15:36:24 mcafee /usr/local/sbin/popper[27689]: (null) at 192.168.0.71 >(192.168.0.71): -ERR POP EOF or I/O Error >Jan 10 15:36:24 mcafee /usr/local/sbin/popper[27689]: I/O error flushing >output to client at 192.168.0.71 [192.168.0.71]: Operation not permitted >(1) >Jan 10 15:36:24 mcafee /usr/local/sbin/popper[27689]: I/O error flushing >output to client at 192.168.0.71 [192.168.0.71]: Operation not permitted >(1) >Jan 10 15:36:24 mcafee /usr/local/sbin/popper[27690]: (null) at 192.168.0.71 >(192.168.0.71): -ERR Unknown command: "^V^C". >Jan 10 15:36:24 mcafee /usr/local/sbin/popper[27690]: (null) at 192.168.0.71 >(192.168.0.71): -ERR POP EOF or I/O Error >Jan 10 15:36:24 mcafee /usr/local/sbin/popper[27690]: I/O error flushing >output to client at 192.168.0.71 [192.168.0.71]: Operation not permitted >(1) >Jan 10 15:36:24 mcafee /usr/local/sbin/popper[27690]: I/O error flushing >output to client at 192.168.0.71 [192.168.0.71]: Operation not permitted >(1) >Jan 10 15:36:24 mcafee /usr/local/sbin/popper[27691]: (null) at 192.168.0.71 >(192.168.0.71): -ERR POP EOF or I/O Error > >Also i tried to set TLS-SUPPORT to ALTERNARTE-PORT, in that case SSL WORKS >GREAT, but normal why DON�T. The logs tells that a TLS HANDSHAKE FAILED in >that case. > >In both cases i�m using ONLY port 110. Because i can�t find the way to tell >QPOPPER to bind SSL to port 995 and normal POP3 to port 110. So you were looking for the right things. If you're running from inetd or xinetd, you'd have to tell that software that you'd like it to respond on port 995 as well as 110. >Any ideas? Articles to read? Anything? >Thanks in advance. >Fernando. > >************************** > Fernando Casas > > LAN-WAN-Internet-Seguridad > Soporte GNU/Linux > >celular: 156-162861 >email: [EMAIL PROTECTED] >http://www.secdata.com.ar >************************** ----------------------------------------------------------------- Daniel Senie [EMAIL PROTECTED] Amaranth Networks Inc. http://www.amaranth.com
