Mmmm, the private KEY is in the CERTIFICATE. And I didn't have any problems with that.

Can anybody tell me how to tell QPOPPER to bind to port 995? I'm running it in STAND ALONE mode, so NO INETD or XINETD available. But if INETD is the ONLY solution, well, I'll recompile and use it that WAY.

I tried the solution proposed in the administrator guide, about THREE conf files, but it didn't work. Sincerely, I didn't understand it, so maybe I did it WRONG. A production working example of the conf file(s) will be WELCOME. =D
Thanks a lot for your help DANIEL.

Fernando

PS: I can't believe OUTLOOK 2000 can't support STLS command =(

----- Original Message -----
From: "Daniel Senie" <[EMAIL PROTECTED]>
To: "Fernando Casas" <[EMAIL PROTECTED]>; "Subscribers of Qpopper" <[EMAIL PROTECTED]>
Sent: Thursday, January 10, 2002 4:03 PM
Subject: Re: TLS/SSL

At 01:50 PM 1/10/02, Fernando Casas wrote:
>Hi, I'm new to the list. I'm from Argentina so please excuse my bad English.
>I'm having trouble with TLS/SSL with the fabulous QPOPPER. Everything but
>that is going smoothly and let me tell you QPOPPER RULEEESS. ;)
>Ok, I'll proceed with the problem description.
>My compile options were:
>
>./configure --enable-server-mode --enable-standalone --enable-shy --enable-bulletins --disable-old-spool-loc --enable-home-dir-mail=Mailbox --with-openssl
>
>And my config file is tuned like this:
>
>set server-mode
>set reverse-lookup
>set fast-update
>set statistics = true
>set tls-support = stls
>set tls-server-cert-file = /etc/mail/certs/cert.pem

You are missing a config line telling qpopper where to find your private key. May not be the only problem, but it certainly is one problem.

>I'm using Outlook Express 5.5 (also tried with OUTLOOK 2K). When I try to
>connect to the POP3 server, without SSL, everything goes smoothly. But when
>I configure OU to use SSL on port 110, I get this msg:

Well, if you're going to use OE, you have to set up a second instance of qpopper, on port 995, with set tls-support=alternate-port. You see, the folks at Microsoft haven't figured out this STARTTLS thing. Hopefully they will get around to fixing their product at some point. Until then, you have to run two separate configs of qpopper.

>A secure connection to the server could not be established. Account:
>'192.168.0.70', Server: '192.168.0.70', Protocol: POP3, Port: 110,
>Secure(SSL): Yes, Error Number: 0x800CCC1A
>
>And QPOPPER writes this to the logs:
>
>Jan 10 15:36:24 mcafee /usr/local/sbin/popper[27688]: (null) at 192.168.0.71
>(192.168.0.71): -ERR Unknown command: "\200a^A^C^A".
>Jan 10 15:36:24 mcafee /usr/local/sbin/popper[27688]: (null) at 192.168.0.71
>(192.168.0.71): -ERR POP EOF or I/O Error
>Jan 10 15:36:24 mcafee /usr/local/sbin/popper[27688]: I/O error flushing
>output to client at 192.168.0.71 [192.168.0.71]: Operation not permitted
>(1)
>Jan 10 15:36:24 mcafee /usr/local/sbin/popper[27688]: I/O error flushing
>output to client at 192.168.0.71 [192.168.0.71]: Operation not permitted
>(1)
>Jan 10 15:36:24 mcafee /usr/local/sbin/popper[27689]: (null) at 192.168.0.71
>(192.168.0.71): -ERR Unknown command: "\200b^A\200^A".
>Jan 10 15:36:24 mcafee /usr/local/sbin/popper[27689]: (null) at 192.168.0.71
>(192.168.0.71): -ERR POP EOF or I/O Error
>Jan 10 15:36:24 mcafee /usr/local/sbin/popper[27689]: I/O error flushing
>output to client at 192.168.0.71 [192.168.0.71]: Operation not permitted
>(1)
>Jan 10 15:36:24 mcafee /usr/local/sbin/popper[27689]: I/O error flushing
>output to client at 192.168.0.71 [192.168.0.71]: Operation not permitted
>(1)
>Jan 10 15:36:24 mcafee /usr/local/sbin/popper[27690]: (null) at 192.168.0.71
>(192.168.0.71): -ERR Unknown command: "^V^C".
>Jan 10 15:36:24 mcafee /usr/local/sbin/popper[27690]: (null) at 192.168.0.71
>(192.168.0.71): -ERR POP EOF or I/O Error
>Jan 10 15:36:24 mcafee /usr/local/sbin/popper[27690]: I/O error flushing
>output to client at 192.168.0.71 [192.168.0.71]: Operation not permitted
>(1)
>Jan 10 15:36:24 mcafee /usr/local/sbin/popper[27690]: I/O error flushing
>output to client at 192.168.0.71 [192.168.0.71]: Operation not permitted
>(1)
>Jan 10 15:36:24 mcafee /usr/local/sbin/popper[27691]: (null) at 192.168.0.71
>(192.168.0.71): -ERR POP EOF or I/O Error
>
>Also I tried to set TLS-SUPPORT to ALTERNATE-PORT, in that case SSL WORKS
>GREAT, but the normal way DOESN'T. The logs tell that a TLS HANDSHAKE FAILED in
>that case.
>
>In both cases I'm using ONLY port 110. Because I can't find the way to tell
>QPOPPER to bind SSL to port 995 and normal POP3 to port 110.

So you were looking for the right things. If you're running from inetd or xinetd, you'd have to tell that software that you'd like it to respond on port 995 as well as 110.

>Any ideas? Articles to read? Anything?
>Thanks in advance.
>Fernando.
>
>**************************
> Fernando Casas
>
> LAN-WAN-Internet-Security
> GNU/Linux Support
>
>mobile: 156-162861
>email: [EMAIL PROTECTED]
>http://www.secdata.com.ar
>**************************

-----------------------------------------------------------------
Daniel Senie                                        [EMAIL PROTECTED]
Amaranth Networks Inc.                    http://www.amaranth.com
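
Added example, not part of the original messages: the "Unknown command" values in the quoted popper log are the first bytes of an SSL/TLS handshake that the client sent straight to the plaintext POP3 port, which is the mismatch the reply describes between `tls-support = stls` and clients that need `alternate-port`. The sketch decodes those logged strings and classifies them; the function names, and the assumption that the log escapes bytes as `\ooo` octal and `^X` caret notation, are this example's own.

```python
import re

# Constructed sample: the "Unknown command" values from the quoted log lines.
SAMPLE_COMMANDS = [r"\200a^A^C^A", r"\200b^A\200^A", "^V^C", "STLS"]

# Assumed log escaping: \ooo octal for high bytes, ^X caret notation for controls.
_TOKEN = re.compile(r"\\([0-3][0-7]{2})|\^([@-_?])|(.)", re.S)


def unescape(logged: str) -> bytes:
    """Turn the escaped command string from the log back into raw bytes."""
    out = bytearray()
    for octal, caret, plain in _TOKEN.findall(logged):
        if octal:
            out.append(int(octal, 8))
        elif caret:
            out.append(0x7F if caret == "?" else ord(caret) ^ 0x40)
        else:
            out += plain.encode("latin-1", "replace")
    return bytes(out)


def classify(data: bytes) -> str:
    """Label the first bytes a client sent to a POP3 listener."""
    # TLS/SSLv3 record header: content type 22 (handshake), major version 3.
    if len(data) >= 2 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake-record"
    # SSLv2-format header: high bit set on the length, then message
    # type 1 (ClientHello) followed by the 2-byte version offered.
    if len(data) >= 5 and data[0] & 0x80 and data[2] == 0x01:
        return "sslv2-format-hello version=0x%02x%02x" % (data[3], data[4])
    # POP3 commands (USER, STLS, ...) are printable ASCII.
    if data and all(0x20 <= c < 0x7F for c in data):
        return "plaintext-command"
    return "unknown-binary"


def diagnose(commands):
    """Map each logged command string to (raw bytes, classification)."""
    return [(unescape(c), classify(unescape(c))) for c in commands]


if __name__ == "__main__":
    for raw, label in diagnose(SAMPLE_COMMANDS):
        print(raw, "->", label)
```

Any handshake label for traffic on the port 110 listener means the client never issued STLS and expects TLS from the first byte, so it has to be pointed at the alternate-port instance instead.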
