1) one smaller group of users (about 10) authenticate with certificates (plus user name & password - if needed) -- these are mobile users who connect sometimes from the "outside"/internet and sometimes from the "inside"/local, and
2) large group of local users authenticate with user name & password only.
because all of the users (except me) are already using outlook/express connecting older mail server that i'm going to replace, i would like to provide pop3 for the local connections and pop3+ssl/tls for the remote connections (to preserve current settings in the local user's mail clients).
then, i'll open e.g., 995 port for the external access to allow remote users to pick up their mails (while 110 will remain closed and open for the internal users only).
all of the user would be members of /etc/passwd
so far, using openssl i created the ca that signed mail server certificate and one signed certificate for testing and referenced to it with
---
TLS_CERTFILE=<path_to_mail_server_crt+key_in_pem> and
TLS_TRUST_CERTS=<path_to_dir_with_test_cert_in_pem>
in my /etc/courier/pop3d-ssl, along with:
TLS_VERIFYPEER=REQUIREPEER
SSLPORT=995
SSLADDRESS=0 // for now
SSLPIDFILE=/var/run/pop3d-ssl.pid
SSLLOGGEROPTS="-name=pop3d-ssl"
POP3DSSLSTART=YES
POP3_STARTTLS=YES
POP3_TLS_REQUIRED=0 // i wish i can set this to 1, but then [EMAIL PROTECTED] requires cert too?!
COURIERTLS=/usr/sbin/couriertls
TLS_PROTOCOL=SSL3
TLS_STARTTLS_PROTOCOL=TLS1
---
"plain" pop3 is working, but when i try to connect to 995 using ssl or tls, i get errors in my /var/log/mail:
pop3d: couriertls: accept: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate and pop3d: couriertls: accept: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returnedanyone could help me with this?
thank you in advance!
also, if anyone could point me out where to find some documentation for courier-imap (sites, books, ...), except this mail list ;)
Yahoo! Music Unlimited - Access over 1 million songs. Try it free.
------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________ Courier-imap mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
