At 02:29 PM 1/10/02, you wrote:
>Mmmm, the private KEY is in the CERTIFICATE. And i didn't have any problems
>with that.

No, it doesn't work that way. You must have the following TWO lines in your 
config:

set tls-server-cert-file=<cert file>
set tls-private-key-file=<private key file>

>Can anybody tell me how to tell QPOPPER to bind to port 995. I'm running it
>in STAND ALONE mode. So NO INETD or XINETD available. But if INETD is the
>ONLY solution well, i'll recompile and use it that WAY.

Someone else should be able to answer this. I personally run qpopper from 
xinetd for a variety of reasons.

>I try the solution proposed in the administrator guide, about THREE conf
>files. But didn't work. Sincerely, i didn't understand it so may be i did it
>WRONG. A production working example of the conf file(s) will be WELCOME. =D.

The config file tells qpopper HOW to run the TLS protocol (set 
tls-support=<option>) but does not tell it what port to run it on.


>Thanks a lot for your help DANIEL.
>Fernando
>
>PD: i can't believe OUTLOOK® 2000 can't support STLS command =(

Worse: Outlook (all versions I've tried, Express and otherwise) actually does 
support STLS for SMTP on port 25, but if you change to another port for 
SMTP (e.g. the SUBMISSION port, 587) it fails to negotiate STLS.

Fortunately, Eudora 5.1 does an outstanding job of implementing TLS. I've 
been pushing my customers toward Eudora ever since 5.1 came out. It works 
great, doesn't explode, and doesn't seem to have virus vulnerability issues.


>----- Original Message -----
>From: "Daniel Senie" <[EMAIL PROTECTED]>
>To: "Fernando Casas" <[EMAIL PROTECTED]>; "Subscribers of Qpopper"
><[EMAIL PROTECTED]>
>Sent: Thursday, January 10, 2002 4:03 PM
>Subject: Re: TLS/SSL
>
>
>At 01:50 PM 1/10/02, Fernando Casas wrote:
 > >Hi, i'm new to the list. I'm from argentina so please excuse my bad english.
 > >I'm having trouble with TLS/SSL with the fabulous QPOPPER. Everything but
 > >that it's going smoothly and let me tell you QPOPPER RULEEESS. ;)
 > >Ok, i'll proceed with the problem description.
> >My compile options were:
> >
 > >./configure --enable-server-mode --enable-standalone --enable-shy --enable-bulletins --disable-old-spool-loc --enable-home-dir-mail=Mailbox --with-openssl
> >
> >And my config file its tuned like this:
> >
> >set server-mode
> >set reverse-lookup
> >set fast-update
> >set statistics = true
> >set tls-support = stls
> >set tls-server-cert-file = /etc/mail/certs/cert.pem
>
>You are missing a config line telling qpopper where to find your private
>key. May not be the only problem, but it certainly is one problem.
>
>
 > >I'm using Outlook Express 5.5 (also tried with OUTLOOK 2K). When i try to
 > >connect to the POP3 server, without SSL, everything goes smoothly. But when
 > >i configure OU to use SSL on port 110, i get this msg:
>
>Well, if you're going to use OE, you have to set up a second instance of
>qpopper, on port 995, with set tls-support=alternate-port. You see, the
>folks at Microsoft haven't figured out this STARTTLS thing. Hopefully they
>will get around to fixing their product at some point. Until then, you have
>to run two separate configs of qpopper.
>
>
> >A secure connection to the server could not be established. Account:
> >'192.168.0.70', Server: '192.168.0.70', Protocol: POP3, Port: 110,
> >Secure(SSL): Yes, Error Number: 0x800CCC1A
> >
> >And QPOPPER write this to the logs:
> >
 > >Jan 10 15:36:24 mcafee /usr/local/sbin/popper[27688]: (null) at 192.168.0.71 (192.168.0.71): -ERR Unknown command: "\200a^A^C^A".
 > >Jan 10 15:36:24 mcafee /usr/local/sbin/popper[27688]: (null) at 192.168.0.71 (192.168.0.71): -ERR POP EOF or I/O Error
 > >Jan 10 15:36:24 mcafee /usr/local/sbin/popper[27688]: I/O error flushing output to client  at 192.168.0.71 [192.168.0.71]: Operation not permitted (1)
 > >Jan 10 15:36:24 mcafee /usr/local/sbin/popper[27688]: I/O error flushing output to client  at 192.168.0.71 [192.168.0.71]: Operation not permitted (1)
 > >Jan 10 15:36:24 mcafee /usr/local/sbin/popper[27689]: (null) at 192.168.0.71 (192.168.0.71): -ERR Unknown command: "\200b^A\200^A".
 > >Jan 10 15:36:24 mcafee /usr/local/sbin/popper[27689]: (null) at 192.168.0.71 (192.168.0.71): -ERR POP EOF or I/O Error
 > >Jan 10 15:36:24 mcafee /usr/local/sbin/popper[27689]: I/O error flushing output to client  at 192.168.0.71 [192.168.0.71]: Operation not permitted (1)
 > >Jan 10 15:36:24 mcafee /usr/local/sbin/popper[27689]: I/O error flushing output to client  at 192.168.0.71 [192.168.0.71]: Operation not permitted (1)
 > >Jan 10 15:36:24 mcafee /usr/local/sbin/popper[27690]: (null) at 192.168.0.71 (192.168.0.71): -ERR Unknown command: "^V^C".
 > >Jan 10 15:36:24 mcafee /usr/local/sbin/popper[27690]: (null) at 192.168.0.71 (192.168.0.71): -ERR POP EOF or I/O Error
 > >Jan 10 15:36:24 mcafee /usr/local/sbin/popper[27690]: I/O error flushing output to client  at 192.168.0.71 [192.168.0.71]: Operation not permitted (1)
 > >Jan 10 15:36:24 mcafee /usr/local/sbin/popper[27690]: I/O error flushing output to client  at 192.168.0.71 [192.168.0.71]: Operation not permitted (1)
 > >Jan 10 15:36:24 mcafee /usr/local/sbin/popper[27691]: (null) at 192.168.0.71 (192.168.0.71): -ERR POP EOF or I/O Error
> >
 > >Also i tried to set TLS-SUPPORT to ALTERNATE-PORT, in that case SSL WORKS
 > >GREAT, but normal way DON'T. The logs tells that a TLS HANDSHAKE FAILED in
 > >that case.
 > >
 > >In both cases i'm using ONLY port 110. Because i can't find the way to tell
 > >QPOPPER to bind SSL to port 995 and normal POP3 to port 110.
>
>So you were looking for the right things. If you're running from inetd or
>xinetd, you'd have to tell that software that you'd like it to respond on
>port 995 as well as 110.
>
> >Any ideas? Articles to read? Anything?
> >Thanks in advance.
> >Fernando.
> >
> >**************************
> >             Fernando Casas
> >
> >   LAN-WAN-Internet-Seguridad
> >          Soporte GNU/Linux
> >
> >celular: 156-162861
> >email: [EMAIL PROTECTED]
> >http://www.secdata.com.ar
> >**************************
>
>-----------------------------------------------------------------
>Daniel Senie                                        [EMAIL PROTECTED]
>Amaranth Networks Inc.                    http://www.amaranth.com

-----------------------------------------------------------------
Daniel Senie                                        [EMAIL PROTECTED]
Amaranth Networks Inc.                    http://www.amaranth.com
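
Added example, not part of the original messages: the `-ERR Unknown command` entries in the quoted log are the opening bytes of an SSL/TLS handshake arriving on a port where qpopper (with tls-support=stls) expects plaintext POP3 first. This Python script decodes the syslog escapes and flags such lines; the first three sample lines are reassembled from the log quoted above, the fourth is constructed, and all function names are hypothetical.

```python
import re

# First three lines: reassembled from the wrapped log quoted in the thread.
# Fourth line: constructed here as an ordinary mistyped POP3 command.
SAMPLE_LOG = r'''
Jan 10 15:36:24 mcafee /usr/local/sbin/popper[27688]: (null) at 192.168.0.71 (192.168.0.71): -ERR Unknown command: "\200a^A^C^A".
Jan 10 15:36:24 mcafee /usr/local/sbin/popper[27689]: (null) at 192.168.0.71 (192.168.0.71): -ERR Unknown command: "\200b^A\200^A".
Jan 10 15:36:24 mcafee /usr/local/sbin/popper[27690]: (null) at 192.168.0.71 (192.168.0.71): -ERR Unknown command: "^V^C".
Jan 10 15:40:02 mcafee /usr/local/sbin/popper[27701]: (null) at 192.168.0.71 (192.168.0.71): -ERR Unknown command: "usre".
'''

LINE_RE = re.compile(r'popper\[(\d+)\]: .* at (\S+) .*-ERR Unknown command: "(.*)"\.\s*$')
ESC_RE = re.compile(r'\\([0-3][0-7]{2})|\^([@-_?])')

def unescape(text):
    """Turn \\ooo octal and ^X caret escapes from the log back into raw bytes."""
    out, pos = bytearray(), 0
    for m in ESC_RE.finditer(text):
        out += text[pos:m.start()].encode('latin-1')
        if m.group(1):
            out.append(int(m.group(1), 8))        # \200 -> 0x80
        else:
            out.append(ord(m.group(2)) ^ 0x40)    # ^A -> 0x01, ^V -> 0x16
        pos = m.end()
    out += text[pos:].encode('latin-1')
    return bytes(out)

def classify(raw):
    """Name the handshake framing seen in the first bytes, or None for plain text."""
    if len(raw) >= 2 and raw[0] == 0x16 and raw[1] == 0x03:
        return 'tls-record'            # handshake record type 22, major version 3
    if len(raw) >= 3 and raw[0] & 0x80 and raw[2] == 0x01:
        return 'sslv2-format-hello'    # 2-byte length header, message type 1
    return None

def find_tls_on_plain_port(log_text):
    """Return (pid, client, kind) for each log line that is really a TLS hello."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        kind = classify(unescape(m.group(3)))
        if kind:
            hits.append((int(m.group(1)), m.group(2), kind))
    return hits

if __name__ == '__main__':
    for hit in find_tls_on_plain_port(SAMPLE_LOG):
        print(hit)
```

Hits like these mean the client is configured for SSL-on-connect against a listener that only offers STLS, which is the mismatch the alternate-port instance on 995 resolves.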
