RE: Configuring Qpopper with SSL and APOP
At 5:33 AM -0400 5/24/02, Michael Caplan wrote: > I reconfigured Qpopper with just OpenSSL support and I'm still getting the > following error when connecting with Outlook: > > -ERR [AUTH] You must use stronger authentication such as AUTH or APOP to > connect to this server > > inetd.conf looks like this: > > pop3 stream tcp nowait root/usr/local/libexec/qpopper > qpopper -R -s -f /etc/mail/pop.options -t /var/spool/mqueue/pop.log > pop3s stream tcp nowait root/usr/local/libexec/qpopper > qpopper -R -s -f /etc/mail/pop.options -t /var/spool/mqueue/pop.log > > and pop.options: > > set debug > set tls-private-key-file = '/etc/mail/certs/key.pem' > set tls-server-cert-file = '/etc/mail/certs/cert.pem' > set tls-support = stls > set log-facility= local0 > set tls-support = alternate-port > set clear-text-password = tls > set chunky-writes = tls > > Shouldn't this do the trick? > > Thanks, > > Michael Looks to me like the problem is that you've set tls support to stls, which I think Outlook still doesn't support. Try enabling alternate-port (*sigh*) on the Qpopper on port 995. Outlook should use that instead of port 110, which can be used by smarter clients. > > -Original Message- > From: Randall Gellens [mailto:[EMAIL PROTECTED]] > Sent: Thursday, May 23, 2002 7:44 PM > To: Michael Caplan; Subscribers of Qpopper > Subject: RE: Configuring Qpopper with SSL and APOP > > > At 8:28 AM -0400 5/23/02, Michael Caplan wrote: > >> The goal that we are seeking is APOP authentication on port 110, and > TLS/SSL >> authentication on 995. I have been successful with configuring Qpopper > with >> APOP and TSL/SSL (I can connect with Eudora with APOP authentication and >> TSL/SSL), but I can not get the two to work exclusively. > > In the Qpopper running on port 110, set clear-text-password to never. > In the Qpopper running on 995, set tls to alternate-port.
Re: Configuring Qpopper with SSL and APOP
At 10:10 AM +0200 5/24/02, Sebastien Renard wrote: > > At 8:28 AM -0400 5/23/02, Michael Caplan wrote: >> > The goal that we are seeking is APOP authentication on port 110, and >> > TLS/SSL authentication on 995. I have been successful with configuring >> > Qpopper with APOP and TSL/SSL (I can connect with Eudora with APOP >> > authentication and TSL/SSL), but I can not get the two to work >> > exclusively. >> > > In the Qpopper running on port 110, set clear-text-password to never. >> In the Qpopper running on 995, set tls to alternate-port. > > There's two qpopper running ? With two entries in inetd.conf ? You need one instance of Qpopper per port. You configure each to behave as you want.
RE: Configuring Qpopper with SSL and APOP
I reconfigured Qpopper with just OpenSSL support and I'm still getting the following error when connecting with Outlook: -ERR [AUTH] You must use stronger authentication such as AUTH or APOP to connect to this server inetd.conf looks like this: pop3 stream tcp nowait root/usr/local/libexec/qpopper qpopper -R -s -f /etc/mail/pop.options -t /var/spool/mqueue/pop.log pop3s stream tcp nowait root/usr/local/libexec/qpopper qpopper -R -s -f /etc/mail/pop.options -t /var/spool/mqueue/pop.log and pop.options: set debug set tls-private-key-file = '/etc/mail/certs/key.pem' set tls-server-cert-file = '/etc/mail/certs/cert.pem' set tls-support = stls set log-facility= local0 set tls-support = alternate-port set clear-text-password = tls set chunky-writes = tls Shouldn't this do the trick? Thanks, Michael -Original Message- From: Randall Gellens [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 23, 2002 7:44 PM To: Michael Caplan; Subscribers of Qpopper Subject: RE: Configuring Qpopper with SSL and APOP At 8:28 AM -0400 5/23/02, Michael Caplan wrote: > The goal that we are seeking is APOP authentication on port 110, and TLS/SSL > authentication on 995. I have been successful with configuring Qpopper with > APOP and TSL/SSL (I can connect with Eudora with APOP authentication and > TSL/SSL), but I can not get the two to work exclusively. In the Qpopper running on port 110, set clear-text-password to never. In the Qpopper running on 995, set tls to alternate-port.
Re: Configuring Qpopper with SSL and APOP
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Le Vendredi 24 Mai 2002 01:44, Randall Gellens a écrit : > At 8:28 AM -0400 5/23/02, Michael Caplan wrote: > > The goal that we are seeking is APOP authentication on port 110, and > > TLS/SSL authentication on 995. I have been successful with configuring > > Qpopper with APOP and TSL/SSL (I can connect with Eudora with APOP > > authentication and TSL/SSL), but I can not get the two to work > > exclusively. > > In the Qpopper running on port 110, set clear-text-password to never. > In the Qpopper running on 995, set tls to alternate-port. There's two qpopper running ? With two entries in inetd.conf ? - -- Sebastien Là où l'on brûle des livre, on finira par brûler des hommes. Heinrich Heine ( 1797-1856 ) -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE87fVduEQdRawm7bcRAjcGAKCqYkPd2lHf7McKNTk00D3F4Caz1gCfRvkW y9zA5XMzNNdZUOa+/VusLm8= =GgQK -END PGP SIGNATURE-
RE: Configuring Qpopper with SSL and APOP
At 8:28 AM -0400 5/23/02, Michael Caplan wrote: > The goal that we are seeking is APOP authentication on port 110, and TLS/SSL > authentication on 995. I have been successful with configuring Qpopper with > APOP and TSL/SSL (I can connect with Eudora with APOP authentication and > TSL/SSL), but I can not get the two to work exclusively. In the Qpopper running on port 110, set clear-text-password to never. In the Qpopper running on 995, set tls to alternate-port.
Re: Configuring Qpopper with SSL and APOP
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Le Jeudi 23 Mai 2002 16:11, Daniel Senie a écrit : > >With set tls-support = stls, i only have normal connection. > > We use this setup, on port 110, and client mail programs which understand > STARTTLS work perfectly. > > >With set tls-support = alternate-port, i only have ssl connection... > > We use this setup on port 995, for dumb mail clients that don't understand > STARTTLS (Microsoft, are your ears burning?) and that works perfectly. Well, I use kmail, which support ssl and tls. With Qpopper tls never work, i can only use ssl (ssl v3 is equivalent to tls v1 no ?). Maybe this is the pb ? I compile qpopper with openssl 0.9.6. - -- Sebastien Linux est obsolète. Andrew Tanenbaum -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE87PrzuEQdRawm7bcRAqOxAJ4qRO8yyRBJ9t4gOc5CzhjhXGIvlwCfa3NR A6T9kc6P6ylPQKg/KPUksj8= =KDb+ -END PGP SIGNATURE-
Re: Configuring Qpopper with SSL and APOP
At 09:55 AM 5/23/02, Sebastien Renard wrote: >-BEGIN PGP SIGNED MESSAGE- >Hash: SHA1 > >Le Jeudi 23 Mai 2002 14:28, Michael Caplan a écrit : > > I am still working through an install of qpopper that runs either APOP or > > SSL. I am having a few problems, and can't find the answers I need in the > > mailing list archive. I was hoping folks on the list can shed some light. > > > > The goal that we are seeking is APOP authentication on port 110, and > > TLS/SSL authentication on 995. I have been successful with configuring > > Qpopper with APOP and TSL/SSL (I can connect with Eudora with APOP > > authentication and TSL/SSL), but I can not get the two to work exclusively. > >Hello, > >I have the same pb. I cannot use APOP/SSL and APOP only. Qpopper >documentation >says that SSL and normal connection can use the same port. Anyone manage to >get SSL and no-SSL on the same port ? Let me preface this by saying I don't use APOP. >With set tls-support = stls, i only have normal connection. We use this setup, on port 110, and client mail programs which understand STARTTLS work perfectly. >With set tls-support = alternate-port, i only have ssl connection... We use this setup on port 995, for dumb mail clients that don't understand STARTTLS (Microsoft, are your ears burning?) and that works perfectly. >- -- >Sebastien > >Ce qui manque aux orateurs en profondeur, ils vous le donnent en longueur. >Montesquieu, Mes pensées >-BEGIN PGP SIGNATURE- >Version: GnuPG v1.0.7 (GNU/Linux) > >iD8DBQE87PTYuEQdRawm7bcRAkxkAKCMAf33zSOSFxQbO5xhsOGN7rfFrQCeIrSh >o3b0jBt/cUhbuNu1G+H1V2c= >=8gYt >-END PGP SIGNATURE- - Daniel Senie[EMAIL PROTECTED] Amaranth Networks Inc.http://www.amaranth.com
Re: Configuring Qpopper with SSL and APOP
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Le Jeudi 23 Mai 2002 14:28, Michael Caplan a écrit : > I am still working through an install of qpopper that runs either APOP or > SSL. I am having a few problems, and can't find the answers I need in the > mailing list archive. I was hoping folks on the list can shed some light. > > The goal that we are seeking is APOP authentication on port 110, and > TLS/SSL authentication on 995. I have been successful with configuring > Qpopper with APOP and TSL/SSL (I can connect with Eudora with APOP > authentication and TSL/SSL), but I can not get the two to work exclusively. Hello, I have the same pb. I cannot use APOP/SSL and APOP only. Qpopper documentation says that SSL and normal connection can use the same port. Anyone manage to get SSL and no-SSL on the same port ? With set tls-support = stls, i only have normal connection. With set tls-support = alternate-port, i only have ssl connection... - -- Sebastien Ce qui manque aux orateurs en profondeur, ils vous le donnent en longueur. Montesquieu, Mes pensées -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE87PTYuEQdRawm7bcRAkxkAKCMAf33zSOSFxQbO5xhsOGN7rfFrQCeIrSh o3b0jBt/cUhbuNu1G+H1V2c= =8gYt -END PGP SIGNATURE-
RE: Configuring Qpopper with SSL and APOP
I am still working through an install of qpopper that runs either APOP or SSL. I am having a few problems, and can't find the answers I need in the mailing list archive. I was hoping folks on the list can shed some light. The goal that we are seeking is APOP authentication on port 110, and TLS/SSL authentication on 995. I have been successful with configuring Qpopper with APOP and TSL/SSL (I can connect with Eudora with APOP authentication and TSL/SSL), but I can not get the two to work exclusively. When connecting with Outlook (which only supports TSL/SSL, the pop.log reports the following: May 23 05:17:28.295 2002 [8680] (v4.0.4) TLSv1/SSLv3 handshake with client at x.x.x.x (x.x.x.x); new session-id; cipher: RC4-MD5 (RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 ), 128 bits May 23 05:17:28.295 2002 May 23 05:17:28.695 2002 [8680] ise at x.x.x.x (x.x.x.x): -ERR [AUTH] You must use stronger authentication such as AUTH or APOP to connect to this server May 23 05:17:28.695 2002 May 23 05:17:28.820 2002 [8680] I/O Error May 23 05:17:28.820 2002 May 23 05:17:28.872 2002 [8680] ise at x.x.x.x (x.x.x.x): -ERR POP EOF or I/O Error May 23 05:17:28.872 2002 May 23 05:17:28.873 2002 [8680] TLS shutdown Error Any ideas? Below are some of my configs: Thanks, Michael Qpopper make: ./configure --enable-apop=/usr/local/etc/qpopper/pop.auth --enable-nonauth- file=/usr/local/etc/qpopper/popusers --with-apopuid=pop --without-gdbm --ena ble-keep-temp-drop --with-openssl=/usr --prefix=/usr/local/ Inetd.conf: pop3 stream tcp nowait root/usr/local/libexec/qpopper qpopper -d -R -s -f /etc/mail/pop.options -t /var/spool/mqueue/pop.log pop3s stream tcp nowait root/usr/local/libexec/qpopper qpopper -d -p 2 -R -s -f /etc/mail/pop.options -t /var/spool/mqueue/pop.log pop.options: set debug set tls-private-key-file = '/etc/mail/certs/key.pem' set tls-server-cert-file = '/etc/mail/certs/cert.pem' set tls-support = stls set log-facility= local0 set tls-support = alternate-port set clear-text-password = tls set chunky-writes = tls
Re: Configuring Qpopper with SSL and APOP
At the risk of pointing out the obvious, is it because it is looking for a configuration file in /ect (rather than /etc) ? At 19:11 19/05/02 -0400, Michael Caplan wrote: >Hi, > >I am working on a new install of Qpopper that runs over SSL or uses APOP >authentication. I am having difficulties configuring pop.options. I am >receiving the following error with the below config: "unable to process >config file /ect/mail.pop.options. > >set debug >set tls-private-key-file = '/etc/mail/certs/key.pem' >set tls-server-cert-file = '/etc/mail/certs/cert.pem' >set tls-support = stls >set log-facility= local0 >set tls-support = alternate-port >set clear-text-password = tls >set chunky-writes = tls > > >According to my understanding of the Qpopper manual, the syntax is right. >Any ideas why it is having difficulties with this? > >Thanks, > >Michael Caplan
