[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [bug-mailutils] pop3d sanity check

From: D. E. Evans
Subject: Re: [bug-mailutils] pop3d sanity check
Date: Mon, 07 Jul 2008 20:43:35 -0400

   To fix this, do the following:
   1. Start pop3d on the usual port (110):
   /usr/sbin/pop3d -d --tls-required --ssl-cert=/etc/ca-cert.pem \
   2. Use fetchmail's tls1 option:
   poll mail.deevans.net with proto POP3 user foo there with password
   "foobar" is foo here ssl sslproto tls1 mda "/usr/sbin/sendmail -oem %T"
This seems to have got me farther, but it hanges on certificate
verification.  The following is from fetchmail -v:

fetchmail: 6.3.2 querying mail.deevans.net (protocol POP3) at Mon 07 Jul 2008 
08:39:28 PM EDT: poll started
fetchmail: POP3< +OK POP3 Ready <address@hidden>
fetchmail: POP3> CAPA
fetchmail: POP3< +OK Capability list follows
fetchmail: POP3< TOP
fetchmail: POP3< USER
fetchmail: POP3< UIDL
fetchmail: POP3< RESP-CODES
fetchmail: POP3< PIPELINING
fetchmail: POP3< STLS
fetchmail: POP3< EXPIRE NEVER
fetchmail: POP3< .
fetchmail: POP3> STLS
fetchmail: POP3< +OK Begin TLS negotiation
fetchmail: Issuer Organization: deevans.net
fetchmail: Issuer CommonName: mail.deevans.net
fetchmail: Server CommonName: mail.deevans.net
fetchmail: mail.deevans.net key fingerprint: 
fetchmail: Server certificate verification error: unable to get local issuer 
fetchmail: Server certificate verification error: unable to verify the first 

This is the output from the certtool generation.  Perhaps I'm
creating the certificate incorrectly:

Country name (2 chars): US
Organization name: deevans.net
Organizational unit name:
Locality name: Murray
State or province name: UT
Common name: mail.deevans.net
This field should not be used in new certificates.
Enter the certificate's serial number (decimal):

Activation/Expiration time.
The certificate will expire in (days): 700

Does the certificate belong to an authority? (Y/N): n
Is this a TLS web client certificate? (Y/N): n
Is this also a TLS web server certificate? (Y/N): n
Enter the e-mail of the subject of the certificate: address@hidden
Will the certificate be used for signing (required for TLS)? (Y/N): y
Will the certificate be used for encryption (not required for TLS)? (Y/N): n
Enter the URI of the CRL distribution point:

reply via email to

[Prev in Thread] Current Thread [Next in Thread]