Re: qmail + sslwrap

[Chris Johnson]

On Mon, Nov 29, 1999 at 09:24:42AM +0100, Van Liedekerke Franky wrote:
 Hi,
 
 has anyone succeeded in using sslwrap together with tcpserver for qmail-pop?
 And would that person mind sharing his experience?

I've been using it for ages. I followed the sslwrap documentation to create the
certificates and whatnot, and here's the script I use to start it up:

#!/bin/sh

exec tcpserver -RH -c10 -u444 -g444 0 spop3 /usr/local/libexec/sslwrap \
-cert /usr/local/openssl/certs/server.pem -port 110

UID and GID 444 belong to an unprivileged user and group I created; there's no
reason to run it with root privileges.  

I have qmail-popup/qmail-pop3d running in the conventional way on port 110.

Chris

RE: qmail + sslwrap

[Van Liedekerke Franky]

The problem in this approach is that you make a new connection to localhost.
This messes up things like 
serialmail... and the -exec option doesn't accept options for the program,
unless you hack up the source.
I've heard about stunnel as well. Which of the two packages is the favorite?

Franky

 --
 From: Chris Johnson[SMTP:[EMAIL PROTECTED]]
 Sent: Monday, November 29, 1999 5:47 PM
 To:   Van Liedekerke Franky
 Cc:   'qmail list'
 Subject:  Re: qmail + sslwrap
 
 On Mon, Nov 29, 1999 at 09:24:42AM +0100, Van Liedekerke Franky wrote:
  Hi,
  
  has anyone succeeded in using sslwrap together with tcpserver for
 qmail-pop?
  And would that person mind sharing his experience?
 
 I've been using it for ages. I followed the sslwrap documentation to
 create the
 certificates and whatnot, and here's the script I use to start it up:
 
 #!/bin/sh
 
 exec tcpserver -RH -c10 -u444 -g444 0 spop3 /usr/local/libexec/sslwrap \
 -cert /usr/local/openssl/certs/server.pem -port 110
 
 UID and GID 444 belong to an unprivileged user and group I created;
 there's no
 reason to run it with root privileges.  
 
 I have qmail-popup/qmail-pop3d running in the conventional way on port
 110.
 
 Chris