[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [bug-mailutils] pop3d sanity check
From: |
D. E. Evans |
Subject: |
Re: [bug-mailutils] pop3d sanity check |
Date: |
Mon, 07 Jul 2008 20:43:35 -0400 |
To fix this, do the following:
1. Start pop3d on the usual port (110):
/usr/sbin/pop3d -d --tls-required --ssl-cert=/etc/ca-cert.pem \
--ssl-key=/etc/ca-key.pem
2. Use fetchmail's tls1 option:
poll mail.deevans.net with proto POP3 user foo there with password
"foobar" is foo here ssl sslproto tls1 mda "/usr/sbin/sendmail -oem %T"
This seems to have got me farther, but it hanges on certificate
verification. The following is from fetchmail -v:
fetchmail: 6.3.2 querying mail.deevans.net (protocol POP3) at Mon 07 Jul 2008
08:39:28 PM EDT: poll started
fetchmail: POP3< +OK POP3 Ready <address@hidden>
fetchmail: POP3> CAPA
fetchmail: POP3< +OK Capability list follows
fetchmail: POP3< TOP
fetchmail: POP3< USER
fetchmail: POP3< UIDL
fetchmail: POP3< RESP-CODES
fetchmail: POP3< PIPELINING
fetchmail: POP3< STLS
fetchmail: POP3< EXPIRE NEVER
fetchmail: POP3< XTLSREQUIRED
fetchmail: POP3< .
fetchmail: POP3> STLS
fetchmail: POP3< +OK Begin TLS negotiation
fetchmail: Issuer Organization: deevans.net
fetchmail: Issuer CommonName: mail.deevans.net
fetchmail: Server CommonName: mail.deevans.net
fetchmail: mail.deevans.net key fingerprint:
98:CC:79:88:B4:20:D0:9E:1F:82:17:EB:21:39:55:11
fetchmail: Server certificate verification error: unable to get local issuer
certificate
fetchmail: Server certificate verification error: unable to verify the first
certificate
This is the output from the certtool generation. Perhaps I'm
creating the certificate incorrectly:
Country name (2 chars): US
Organization name: deevans.net
Organizational unit name:
Locality name: Murray
State or province name: UT
Common name: mail.deevans.net
UID:
This field should not be used in new certificates.
E-mail:
Enter the certificate's serial number (decimal):
Activation/Expiration time.
The certificate will expire in (days): 700
Extensions.
Does the certificate belong to an authority? (Y/N): n
Is this a TLS web client certificate? (Y/N): n
Is this also a TLS web server certificate? (Y/N): n
Enter the e-mail of the subject of the certificate: address@hidden
Will the certificate be used for signing (required for TLS)? (Y/N): y
Will the certificate be used for encryption (not required for TLS)? (Y/N): n
Enter the URI of the CRL distribution point: