I have found plenty of sites on how to enable SSL over imap for qmail. Can anyone recomend sites for SSL over POP3?


Thanks

Justyn

I don't know of any howtos for this, but I can tell you how to do it....

(1) Upgrade your stunnel package to v4.

(2) Create a config file for stunnel. (replace my.domain.com with yours... this also assumes you're running vpopmail... if not, just change that vpopmail line to whatever yours happens to be)

(3) create servercert.pem (or construct your own cert)

(4) Change your qmail-pop3d/run file

That's it! Restart qmail and test.

1 members found this post helpful.

what do I name the config file for stunnel as and where do I put it?

If you follow my commands... the first line of code is cd /var/qmail/control. This is where your cert goes and where the stunnel conf file goes. The file is named pop3s.conf.

Nada. If I nmap my localhost I see pop3s running on port 995. However both Thunderbird and OE say they cannot connect. Is there a another step I'm missing? I'm a complete newbie when it comes to SSL so please bear with me.

Well, you need to tell your email client to point to 995 instead of the usual port 110. While you're in there, you'll also need to tell it to use SSL.

You can test your pop3s connection at the prompt using...

openssl s_client -connect 127.0.0.1:995

It sounds like it's running on your machine but you're just having trouble connecting to it from the outside.

machine attempts to use 995. I made sure of that part :P

One thing... You may want to be sure the permissions on the certificate is read only by the owner and no other permissions.... I think the owner and group should be root/root. I know that was a problem for me. Once I got the perms correct, it started working fine.

Hold on a minute... I just realized something... I have a seperate supervise for my secure stuff. I copied /var/qmail/supervise/qmail-pop3d and made /var/qmail/supervise/qmail-pop3ds for the secure version. The run file we created in that earlier post goes under there. This way, I still have normal pop3 running on port 110 so it doesn't interfere with the one running on 995.

I also have /var/log/qmail/qmail-pop3ds directory so it logs to there. That also means I have /var/qmail/supervise/qmail-pop3ds/log/run file that is identical in permission and content as the normal qmail-pop3d. That way, I have seperate logging for the secure version too.

Maybe that's what you need to do on yours.

Sorry for not being more clear about all that.

it sorta works now. It sees the cert. However its complaining about file premissions on the cert. And I have put root/root as owner/group

You want the permissions to be read only for just the owner... in this case root.

if you're running vpopmail, the permissions are the same, but you probably want vpopmail/vchkpw as the user/group.

Dear Friend, Thank for saving my time. Wish you good luck. Give us such thing more and more.