bug-mailutils

Re: [bug-mailutils] pop3d sanity check


From: Sergey Poznyakoff
Subject: Re: [bug-mailutils] pop3d sanity check
Date: Mon, 07 Jul 2008 23:28:28 +0300

D. E. Evans <address@hidden> wrote:

> /usr/sbin/pop3d -d -p 995 --tls-required --ssl-cert=/etc/ca-cert.pem \
>       --ssl-key=/etc/ca-key.pem
[...]
> On fencepost, I then run fetchmail with the following rc entry:
> 
> poll mail.deevans.net with proto POP3 user foo there with password "foobar" 
> is foo here ssl mda "/usr/sbin/sendmail -oem %T"

The option --tls-required tells pop3d not to allow authentication
prior to receiving the STLS command (RFC 2595, ch. 4) and finishing TLS
negotiation.  The initial connection is still expected to be a plaintext
one (albeit on port 995).  In contrast, the fetchmail parameter `ssl'
tells it to initiate an encrypted connection at once, without issuing the
STLS command.  That's why you get the `unknown protocol' error.

To fix this, do the following:

1. Start pop3d on the usual port (110):

/usr/sbin/pop3d -d --tls-required --ssl-cert=/etc/ca-cert.pem \
        --ssl-key=/etc/ca-key.pem

2. Use fetchmail's tls1 option:

poll mail.deevans.net with proto POP3 user foo there with password
"foobar" is foo here ssl sslproto tls1 mda "/usr/sbin/sendmail -oem %T"

Regards,
Sergey
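
Added example, not part of the original message and not mailutils or fetchmail code: a toy Python model of the mismatch described above, with a plaintext-first POP3 session that refuses authentication before STLS (RFC 2595) and a first-bytes check that tells a TLS record from a POP3 greeting. The class and function names, the reply strings, and the sample ClientHello bytes are constructed assumptions.

```python
# Added illustration, not mailutils or fetchmail code. Server replies are constructed.
TLS_HANDSHAKE = 0x16  # first byte of a TLS handshake record (e.g. ClientHello)

def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes seen on a POP3 port, from either peer."""
    if len(data) >= 2 and data[0] == TLS_HANDSHAKE and data[1] == 0x03:
        return "tls-record"          # implicit TLS: handshake starts at once
    if data.startswith((b"+OK", b"-ERR")):
        return "plaintext-pop3"      # plaintext greeting: TLS only after STLS
    return "unknown"

class StlsRequiredSession:
    """Toy server side: plaintext first, no authentication before STLS."""
    AUTH_VERBS = {"USER", "PASS", "APOP", "AUTH"}

    def __init__(self):
        self.tls_active = False

    def handle(self, data: bytes) -> str:
        if not self.tls_active and classify_first_bytes(data) == "tls-record":
            return "-ERR not a POP3 command"   # client skipped STLS
        parts = data.decode("ascii", "replace").split()
        verb = parts[0].upper() if parts else ""
        if verb == "STLS":
            if self.tls_active:
                return "-ERR TLS already active"
            self.tls_active = True             # a real server runs the TLS handshake here
            return "+OK begin TLS negotiation"
        if verb in self.AUTH_VERBS and not self.tls_active:
            return "-ERR TLS required before authentication"
        if verb in self.AUTH_VERBS:
            return "+OK"                       # toy model: credentials are not checked
        if verb == "QUIT":
            return "+OK bye"
        return "-ERR unknown command"

def run(messages):
    """Feed client messages to a fresh session and collect the replies."""
    session = StlsRequiredSession()
    return [session.handle(m) for m in messages]

# Constructed inputs: start of a TLS 1.0 ClientHello record, and an STLS-first dialogue.
CLIENT_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01])
IMPLICIT_TLS = run([CLIENT_HELLO])
STLS_FIRST = run([b"USER foo\r\n", b"STLS\r\n", b"USER foo\r\n", b"PASS foobar\r\n"])

if __name__ == "__main__":
    print(classify_first_bytes(b"+OK POP3 ready\r\n"), IMPLICIT_TLS, STLS_FIRST)
```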



