At 11:57 AM +0000 11/11/01, Jim Parker wrote: >qpopper 4.0.3 non stand alone. > >In my qpopper.conf file I have set it to only accept clear text passwords >once an ssl connection has been established. But when I tested qpopper by >telneting to port 110 I was allowed to authenticate immediately? > >I'm certain I've complied popper with the necessary options --with-openssl >etc/ I see no errors from the trace/debug file when I connect. Here is my >conf file which is definitely being parsed on connect. > >----------------------------------------- >set tracefile = /path-to-trace/qpop.trace >set clear-text-password = tls >set tls-support = stls >set tls-version = default >set tls-server-cert-file = /path-to-ssl/cert.key >set tls-private-key-file = /path-to-ssl/priv.key >set debug = true >----------------------------------------- > >See the option "set clear-text-password = tls". Why does popper still allow >un-encrypted communications?
Try getting a debug trace. 1. Do a 'make clean' 2. Re-run ./configure, adding '--enable-debugging'. 3. Move the 'set debug = true' line to the top of the config file. 4. Send inetd (or xinetd) a HUP signal. You might want to use 'set tracefile = path-to-trace-file' instead of 'set debug', to cause tracing to go to its own file, but that's up to you.
