let me reply to myself: outlook does not send a certificate for pops sessions (and maybe it never will learn how to do it). so, if anyone out there wants to use this 'feature' against outlook clients, the answer is: use stunnel (there are good examples on http://www.stunnel.org/examples/ and the faq might help) or implement the webmail (e.g., squirrelmail)!
good luck!

--- prezha <[EMAIL PROTECTED]> wrote:

> i'm trying to configure courier-imap @ suse 10.1 (retail) so that:
> 1) one smaller group of users (about 10) authenticate with certificates (plus
> user name & password - if needed) -- these are mobile users who connect
> sometimes from the "outside"/internet and sometimes from the "inside"/local, and
> 2) large group of local users authenticate with user name & password only.
>
> because all of the users (except me) are already using outlook/express
> connecting to the older mail server that i'm going to replace, i would like to
> provide pop3 for the local connections and pop3+ssl/tls for the remote
> connections (to preserve current settings in the local users' mail clients).
> then, i'll open e.g., 995 port for the external access to allow remote users
> to pick up their mails (while 110 will remain closed and open for the internal
> users only).
> all of the users would be members of /etc/passwd
>
> so far, using openssl i created the ca that signed the mail server certificate
> and one signed certificate for testing and referenced it with
> ---
> TLS_CERTFILE=<path_to_mail_server_crt+key_in_pem> and
> TLS_TRUST_CERTS=<path_to_dir_with_test_cert_in_pem>
> in my /etc/courier/pop3d-ssl, along with:
> TLS_VERIFYPEER=REQUIREPEER
> SSLPORT=995
> SSLADDRESS=0 // for now
> SSLPIDFILE=/var/run/pop3d-ssl.pid
> SSLLOGGEROPTS="-name=pop3d-ssl"
> POP3DSSLSTART=YES
> POP3_STARTTLS=YES
> POP3_TLS_REQUIRED=0 // i wish i can set this to 1, but then [EMAIL PROTECTED] requires cert too?!
> COURIERTLS=/usr/sbin/couriertls
> TLS_PROTOCOL=SSL3
> TLS_STARTTLS_PROTOCOL=TLS1
> ---
>
> "plain" pop3 is working, but when i try to connect to 995 using ssl or tls, i
> get errors in my /var/log/mail:
>
> pop3d: couriertls: accept: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
> and
> pop3d: couriertls: accept: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
>
> could anyone help me with this?
> thank you in advance!
>
> also, if anyone could point me out where to find some documentation for
> courier-imap (sites, books, ...), except this mail list ;)
>
> _______________________________________________
> Courier-imap mailing list
> Courier-imap@lists.sourceforge.net
> Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
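
The stunnel workaround suggested in the reply above, sketched as a client-side configuration. This is an added example, not part of the original post; the host name and all file paths are placeholders, and it assumes the user's certificate was signed by the CA that the server lists in TLS_TRUST_CERTS.

```ini
; stunnel.conf on the remote user's machine
; (added example; host name and paths are placeholders)

[pop3s-with-client-cert]
; stunnel acts as the TLS client on behalf of the mail program
client = yes

; the mail client is pointed at this loopback-only plain POP3 listener
accept = 127.0.0.1:110

; courier pop3d-ssl port from the post, where TLS_VERIFYPEER=REQUIREPEER is set
connect = mail.example.com:995

; the user's certificate and private key, presented during the TLS handshake
; so that couriertls receives the client certificate it requires
cert = /path/to/user-cert.pem
key = /path/to/user-key.pem

; verify the mail server's certificate against the same private CA
CAfile = /path/to/ca-cert.pem
verify = 2
```

With this in place the mail client is configured for server 127.0.0.1, port 110, without SSL; the unencrypted hop never leaves the loopback interface, and the private key file should be readable only by that user.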