Hey everyone,

Below are the steps I figured out, ran multiple times, and haven’t had a single issue out of. These steps allow you to use stunnel. The only downfall to using stunnel connections is that in your logs, all connections using the secure ports have a src address of 127.0.0.1. So here they are:

Prerequisites

1) stunnel
2) openssl
3) web server
4) email server

Generating a Self-Signed Certificate with a Client Key

1) cd /etc/httpd/conf
2) make stunnel.pem
3) Follow on-screen instructions
4) mkdir -p /usr/local/etc/stunnel
5) mv stunnel.pem /usr/local/etc/stunnel
6) cd /usr/local/etc/stunnel
7) openssl x509 -in stunnel.pem -outform DER -out qmail.der
8) cp qmail.der /var/www/html
9) See page for client certificate installation

Writing the Stunnel Script

1) cd /usr/local/etc/stunnel/
2) vi stunnel.conf
3) Create the below script:

    cert = /usr/local/etc/stunnel/stunnel.pem
    chroot = /usr/local/var/run/stunnel/
    pid = /stunnel.pid
    setuid = nobody
    setgid = nobody
    #foreground = yes
    #debug = 7
    output = /usr/local/etc/stunnel/stunnel.log
    #output = /dev/stdout

    [smtps]
    accept = 9925
    connect = 25

    [pop3s]
    accept = 9955
    connect = 110

    [imaps]
    accept = 9933
    connect = 143

4) vi /etc/rc.local
5) Insert the following lines:

    #Run the stunnel script for secure Qmail connections (smtps, pop3s, imaps)
    /usr/sbin/stunnel /usr/local/etc/stunnel/stunnel.conf

6) Reboot Server

Installing the Self-Signed Client Key

1) In Internet Explorer, go to https://email.wtechgroup.com/qmail.der
2) Once the dialog box pops up, click Open.
3) Then click Install Certificate
4) Place the certificate in the Trusted Root Certification Authorities store
5) Click OK
6) Accept the Security Warning by clicking Yes
7) Set up the necessary account and ports in Outlook.
8) Restart Outlook

Ryan Starrett
Senior Support Tech.
Walser Technology Group, Inc.

From: Aaron Gray [mailto:[EMAIL PROTECTED]

Good good call..

On 4/12/06, Rick Macdougall <[EMAIL PROTECTED]> wrote:
Aaron Gray wrote:
- [toaster] Problem w/ POP3 over SSL/TLS Aaron Gray
- Re: [toaster] Problem w/ POP3 over SSL/TLS Rick Macdougall
- Re: [toaster] Problem w/ POP3 over SSL/TLS Aaron Gray
- Re: [toaster] Problem w/ POP3 over SSL/TLS Rick Macdougall
- RE: [toaster] Problem w/ POP3 over SSL/TLS wtechgroup
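A pre-flight check for the stunnel.conf in the post above, as an added example that is not part of the original message or of stunnel itself: it parses the global options and the service sections, then flags a missing chroot/setuid/setgid, a service without accept or connect, and a key file readable by group or others (with no key option, stunnel reads the private key from the cert file, here stunnel.pem). The function names and the choice of checks are assumptions of this example.

```python
import os
import stat

# stunnel.conf from the post, embedded so the example runs offline.
PAGE_CONF = """\
cert = /usr/local/etc/stunnel/stunnel.pem
chroot = /usr/local/var/run/stunnel/
pid = /stunnel.pid
setuid = nobody
setgid = nobody
#debug = 7
output = /usr/local/etc/stunnel/stunnel.log
[smtps]
accept = 9925
connect = 25
[pop3s]
accept = 9955
connect = 110
[imaps]
accept = 9933
connect = 143
"""

def parse_stunnel_conf(text):
    """Split stunnel.conf text into (global options, {service: options})."""
    glob, services, current = {}, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1].strip(), {})
        elif "=" in line:
            key, _, value = line.partition("=")
            (glob if current is None else current)[key.strip()] = value.strip()
    return glob, services

def lint(text, mode_of=lambda p: stat.S_IMODE(os.stat(p).st_mode)):
    """Return a list of findings; mode_of is injectable so tests need no files."""
    glob, services = parse_stunnel_conf(text)
    findings = [f"global: {o} is not set" for o in ("chroot", "setuid", "setgid") if o not in glob]
    pem = glob.get("key", glob.get("cert"))  # no key= means the key is read from cert
    try:
        if pem is None or mode_of(pem) & 0o077:
            findings.append(f"key file {pem}: missing option or readable by group/others")
    except OSError as exc:
        findings.append(f"key file {pem}: {exc}")
    for name, opts in services.items():
        findings += [f"[{name}]: no {o} option" for o in ("accept", "connect") if o not in opts]
    return findings
```

On the server, `lint(open("/usr/local/etc/stunnel/stunnel.conf").read())` uses the real file mode of stunnel.pem; an empty list means none of these checks fired.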
