RE: cyrus and SSL/stunnel

2002-03-07 Thread Jeff Bert 

Thanks, I got it to work finally, created the cert via:

openssl req -new -x509 -days 365 -nodes -config /usr/lib/ssl/openssl.cnf \
  -out /usr/cyrus/cyrus.pem -keyout /usr/cyrus/cyrus.pem 

then added these lines to my imapd.conf file:

tls_ca_path: /usr/cyrus
tls_ca_file: /usr/cyrus/cyrus.pem
tls_cert_file: /usr/cyrus/cyrus.pem
tls_key_file: /usr/cyrus/cyrus.pem

and boom, it's working this way... now i have another question but
I'll put that in another topic..

thanks all, good group here

Jeff

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED]
> Sent: Thursday, March 07, 2002 11:14 PM
> To: [EMAIL PROTECTED]
> Subject: RE: cyrus and SSL/stunnel
> 
> 
> On Thu, 7 Mar 2002, Jeff Bert wrote:
> 
> > darnit, now you've got my curiosity peeked again ;)
> > 
> > my "man imapd.conf" has no information about the tls_key_file
> > stuff.
> > 
> > any recommendations on type of cert/key to make? RSA?
> 
> Have a short look on the file install-configure.html of the 
> doc-Directory in
> your Cyrus-Source-Directory.
> There is a short paragraph about Cyrus with TLS/SSL - how to create the
> Certs and how to configure.
> 
> HTH
> Marko D.
> 
> -- 
> GMX - Die Kommunikationsplattform im Internet.
> http://www.gmx.net
> 
>

RE: cyrus and SSL/stunnel

2002-03-07 Thread mdam 

On Thu, 7 Mar 2002, Jeff Bert wrote:

> darnit, now you've got my curiosity peeked again ;)
> 
> my "man imapd.conf" has no information about the tls_key_file
> stuff.
> 
> any recommendations on type of cert/key to make? RSA?

Have a short look on the file install-configure.html of the doc-Directory in
your Cyrus-Source-Directory.
There is a short paragraph about Cyrus with TLS/SSL - how to create the
Certs and how to configure.

HTH
Marko D.

-- 
GMX - Die Kommunikationsplattform im Internet.
http://www.gmx.net

RE: cyrus and SSL/stunnel

2002-03-07 Thread Jeff Bert 

darnit, now you've got my curiosity peeked again ;)

my "man imapd.conf" has no information about the tls_key_file
stuff.

any recommendations on type of cert/key to make? RSA?

Jeff

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Amos Gouaux
> Sent: Thursday, March 07, 2002 10:13 PM
> To: [EMAIL PROTECTED]
> Subject: Re: cyrus and SSL/stunnel
>
>
> >>>>> On Thu, 7 Mar 2002 21:40:50 -0800,
> >>>>> Jeff Bert <[EMAIL PROTECTED]> (jb) writes:
>
> jb> I'm trying to get cyrus secured via SSL using stunnel and haven't been
> jb> successful yet... this is what I've tried:
>
> jb> editted cyrus.conf:
>
> jb> SERVICES {
> jb> ...
> jb> ...
> jb> pop3  cmd="/usr/sbin/stunnel -p
> /etc/stunnel/stunnel.pem -l pop3d"
> jb> listen="pop3" prefork=0
> jb> ...
> jb> ...
> jb> }
>
> jb> is anything like this possible? i need it secured via SSL for
> Windoze users.
>
> You're working too hard.  You can provide SSL (TLS) alternatives
> like this:
>
> SERVICES {
> ...
>   imaps cmd="imapd -s" listen="imaps" prefork=0
> ...
>   pop3s cmd="pop3d -s" listen="pop3s" prefork=0
> ...
> }
>
> Then tell Cyrus where to find the certs using the imapd.conf
> settings tls_key_file, tls_cert_file, tls_ca_path, and tls_ca_file.
> See imapd.conf(5) for more info.  Oh, and don't forget to list the
> ports in /etc/services:
>
> imaps   993/tcp # imap via ssl
> pop3s   995/tcp # pop via ssl
>
>
> --
> Amos
>
>

Re: cyrus and SSL/stunnel

2002-03-07 Thread Amos Gouaux 

> On Thu, 7 Mar 2002 21:40:50 -0800,
> Jeff Bert <[EMAIL PROTECTED]> (jb) writes:

jb> I'm trying to get cyrus secured via SSL using stunnel and haven't been
jb> successful yet... this is what I've tried:

jb> editted cyrus.conf:

jb> SERVICES {
jb> ...
jb> ...
jb> pop3cmd="/usr/sbin/stunnel -p /etc/stunnel/stunnel.pem -l pop3d"
jb> listen="pop3" prefork=0
jb> ...
jb> ...
jb> }

jb> is anything like this possible? i need it secured via SSL for Windoze users.

You're working too hard.  You can provide SSL (TLS) alternatives
like this:

SERVICES {
...
  imaps cmd="imapd -s" listen="imaps" prefork=0
...
  pop3s cmd="pop3d -s" listen="pop3s" prefork=0
...
}

Then tell Cyrus where to find the certs using the imapd.conf
settings tls_key_file, tls_cert_file, tls_ca_path, and tls_ca_file.
See imapd.conf(5) for more info.  Oh, and don't forget to list the
ports in /etc/services:

imaps   993/tcp # imap via ssl
pop3s   995/tcp # pop via ssl


-- 
Amos

cyrus and SSL/stunnel

2002-03-07 Thread Jeff Bert 

I'm trying to get cyrus secured via SSL using stunnel and haven't been
successful yet... this is what I've tried:

editted cyrus.conf:

SERVICES {
...
...
pop3cmd="/usr/sbin/stunnel -p /etc/stunnel/stunnel.pem -l pop3d"
listen="pop3" prefork=0
...
...
}

is anything like this possible? i need it secured via SSL for Windoze users.

Jeff