
Thread: Configure POP3 SECURE

  1. #1
    Join Date
    Jul 2003
    Posts
    53

    Configure POP3 SECURE

    If you want POP3 Secure (port 995) then you have to download the stunnel package www.stunnel.org

    Create a PEM file (described on stunnel.org) and create the entries below in xinetd.conf or in /etc/xinetd.d/

    service pop3s
    {
    disable = no
    socket_type = stream
    wait = no
    user = root
    server = /usr/sbin/stunnel
    server_args = -T -p /etc/stunnel/stunnel.pem -l /usr/sbin/vm-pop3d -- vmpop3d -i -u 99
    }

    After that, do a service xinetd restart and you're done... port 995 is ready and users can enjoy security.

    Cheers!

  2. #2
    Join Date
    Oct 2003
    Location
    Lecanto, FL USA
    Posts
    198
    So can users still use non secure if they want?
    Last edited by ProHS; 02-09-2004 at 03:57 PM.
    Thanks,
    Scott Murrow
    ----------------------------------

    Pro Hosting Solutions Team
    Paying too much? Check us out!

  3. #3
    Hello,

    yes, pop3s uses port 995, so regular pop on port 110 shouldn't be affected.

    John

  4. #4
    Join Date
    Oct 2003
    Location
    Lecanto, FL USA
    Posts
    198
    Which one do I get, the SSL source code?
    Thanks,
    Scott Murrow
    ----------------------------------

    Pro Hosting Solutions Team
    Paying too much? Check us out!

  5. #5
    Hello,

    DA installs the regular port 110 pop version.. not sure what you're referring to with regards to source code.

    John

  6. #6
    Join Date
    Oct 2003
    Location
    Lecanto, FL USA
    Posts
    198
    Would the file be inetd.config on FreeBSD?
    Thanks,
    Scott Murrow
    ----------------------------------

    Pro Hosting Solutions Team
    Paying too much? Check us out!

  7. #7
    Hello,

    for FreeBSD, they're all stored in one file located at /etc/inetd.conf

    John

  8. #8
    Join Date
    Jun 2003
    Location
    UK
    Posts
    2,326
    Moving to How-To area, and also been added to the DirectAdmin Server Checklist
    OptimumServers » Managed Dedicated Servers & General Systems Management » Coming Soon!
    ProWebUK - Quality Web Services
    DirectAdmin Server Checklist

  9. #9
    Join Date
    Aug 2003
    Location
    Schenectady, NY
    Posts
    1,178
    oops, sorry
    Joseph Mack http://www.hostpc.com Since November 1998
    DirectAdmin Hosting and Dedicated Servers Since August 2003

  10. #10
    Join Date
    Aug 2003
    Posts
    575
    How can I get rid of the untrusted certificate authority warnings in my email client?

    Thanks,
    Matt

  11. #11
    Join Date
    Mar 2004
    Location
    Edinburgh,Scotland
    Posts
    329
    Originally posted by thoroughfare
    How can I get rid of the untrusted certificate authority warnings in my email client?
    I think you will have to install a certificate issued by one of the ssl providers like geotrust, verisign, etc.

    I would be interested how this could be applied to a number of domains - does each domain need a certificate or would a wild card do.

    Jon

  12. #12
    Join Date
    Aug 2003
    Posts
    575
    A wildcard cert wouldn't work... because you couldn't buy *.com for example.

    I tried using the SSL cert I bought for DirectAdmin and HTTPS - and it didn't work, Stunnel returned a load of errors.

    My admin said you'd need your own CA root, but when he tried it, it didn't work either.

    Matt

  13. #13
    Join Date
    Mar 2004
    Location
    Edinburgh,Scotland
    Posts
    329
    What problems did your admin have and with which certificate provider?

    Jon

  14. #14
    Join Date
    Aug 2003
    Posts
    575
    When we tried a bought cert (UTN root, from FreeSSL.com), it came back with errors (can't remember the specific errors), and when he tried a self-signed CA, Stunnel wouldn't accept it either.

    Matt

  15. #15
    Join Date
    Jan 2004
    Posts
    217

    Stunnel Config on FreeBSD 4.8

    Uhg.. I've got Stunnel installed and I did the config file. I basically followed the instructions shown HERE

    It's a no go as of now. Any help would be greatly appreciated.

    TIA

    Brandt

  16. #16
    Join Date
    Apr 2004
    Posts
    85
    What about for the SMTP connection, how would we get that for outgoing mail?

  17. #17
    Join Date
    Jul 2004
    Posts
    57
    I got it working on my FreeBSD 4.10.

    I have a GeoTrust QuickSSL for "secure.domain.com," so I put the private key and certificate for "secure.domain.com" in one file /usr/local/etc/stunnel/domain.com.pem:

    -----BEGIN RSA PRIVATE KEY-----
    ...
    -----END RSA PRIVATE KEY-----
    <blank line>
    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----
    <blank line>

    Make sure only root can read this file:
    # chown root /usr/local/etc/stunnel/domain.com.pem
    # chmod 600 /usr/local/etc/stunnel/domain.com.pem

    Set cert to this file in /usr/local/etc/stunnel/stunnel.conf:
    cert = /usr/local/etc/stunnel/domain.com.pem
    ...
    #CApath
    #CAfile
    #CRLpath
    #CRLfile
    ...
    [pop3s]
    accept = 995
    connect = 110
    ...
    [ssmtp]
    accept = 465
    connect = 25

    (The "..." above means blank lines and other settings.)

    Now I can access SSL POP3 through "secure.domain.com" using Eudora or OutlookExpress. In Eudora, set Incoming Mail's Authentication style to Password + Secure Sockets when Receiving to "Required, Alternate Port". First check mail will result in an error. Just go back to the Incoming Mail property and click on 'Last SSL Info' to add the certificate to the computer. In OutlookExpress, make sure you set the SSL connection checkbox for incoming mail.

    SSL SMTP is also working. For OutlookExpress, you will need to specify the port (465). Eudora knows the alternate port (set Secure Sockets when Sending to "Required, Alternate Port").

    I also disabled normal POP3 using IPFW to force all users to go through SSL POP3 to get their mail. Extra precaution to prevent passwords from being sniffed off the network. I can't disable SMTP in the same way because I'd cut off normal mail flow too.
    Last edited by Yikes2000; 09-02-2004 at 04:42 PM.
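
As an added example (not part of the original posts): a small Python check for the combined PEM file that post #17 describes, with the private key first, then the certificate, a blank line after each block, and no access for group or other. The function names and the placeholder key/certificate bodies are constructed for illustration.

```python
import os
import re
import stat
import tempfile

ARMOR = re.compile(r"^-----(BEGIN|END) ([A-Z0-9 ]+)-----\s*$")  # PEM armor lines

def check_stunnel_pem(path):
    """Return a list of problems in a combined private-key + certificate PEM file."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other bit set means the key is exposed beyond the owner
        problems.append("mode %04o: private key accessible to group/other" % mode)
    with open(path, encoding="ascii", errors="replace") as fh:
        lines = fh.read().splitlines()
    blocks, current = [], None  # completed block labels in file order; open block label
    for i, line in enumerate(lines):
        m = ARMOR.match(line)
        if not m:
            continue
        kind, label = m.groups()
        if kind == "BEGIN":
            current = label
        elif label != current:
            problems.append("END %s has no matching BEGIN" % label)
        else:
            blocks.append(label)
            current = None
            if i + 1 >= len(lines) or lines[i + 1].strip():
                problems.append("no blank line after END %s" % label)
    if current is not None:
        problems.append("unterminated %s block" % current)
    if not blocks or not blocks[0].endswith("PRIVATE KEY"):
        problems.append("first block is not a private key")
    if "CERTIFICATE" not in blocks[1:]:  # exact label, so a CERTIFICATE REQUEST does not count
        problems.append("no certificate after the private key")
    return problems

# Constructed sample input: real armor lines, placeholder bodies (not key material).
KEY = "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n"
CERT = "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"

def check_text(text, mode=0o600):
    """Write constructed PEM text to a temporary file with the given mode and check it."""
    with tempfile.NamedTemporaryFile("w", suffix=".pem") as fh:
        fh.write(text)
        fh.flush()
        os.chmod(fh.name, mode)
        return check_stunnel_pem(fh.name)
```

`check_text(KEY + "\n" + CERT + "\n")` returns an empty list; on a live server, call `check_stunnel_pem()` on the file named by `cert =` in stunnel.conf.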

  18. #18
    Join Date
    Aug 2003
    Posts
    575
    Yikes,

    Can you paste your settings from inetd.conf please?

    Much appreciated,
    Matt

  19. #19
    Join Date
    Jul 2004
    Posts
    57
    Which part of inetd.conf? It's pretty sparse... everything is turned off except for imap4. (And I don't remember why it is turned on.)

  20. #20
    Join Date
    Aug 2003
    Posts
    575
    Well, the Linux Stunnel seemed to need xinetd to run, so I presumed the FreeBSD version needed inetd. It seems it's running quite happily as an independent daemon, however.

    Imap4 is there for SquirrelMail

    Matt
