Re: [bug-mailutils] pop3d sanity check

bug-mailutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [bug-mailutils] pop3d sanity check

From:	D. E. Evans
Subject:	Re: [bug-mailutils] pop3d sanity check
Date:	Mon, 07 Jul 2008 20:43:35 -0400

   To fix this, do the following:
   
   1. Start pop3d on the usual port (110):
   
   /usr/sbin/pop3d -d --tls-required --ssl-cert=/etc/ca-cert.pem \
        --ssl-key=/etc/ca-key.pem
   
   2. Use fetchmail's tls1 option:
   
   poll mail.deevans.net with proto POP3 user foo there with password
   "foobar" is foo here ssl sslproto tls1 mda "/usr/sbin/sendmail -oem %T"
   
This seems to have got me farther, but it hanges on certificate
verification.  The following is from fetchmail -v:

fetchmail: 6.3.2 querying mail.deevans.net (protocol POP3) at Mon 07 Jul 2008 
08:39:28 PM EDT: poll started
fetchmail: POP3< +OK POP3 Ready <address@hidden>
fetchmail: POP3> CAPA
fetchmail: POP3< +OK Capability list follows
fetchmail: POP3< TOP
fetchmail: POP3< USER
fetchmail: POP3< UIDL
fetchmail: POP3< RESP-CODES
fetchmail: POP3< PIPELINING
fetchmail: POP3< STLS
fetchmail: POP3< EXPIRE NEVER
fetchmail: POP3< XTLSREQUIRED
fetchmail: POP3< .
fetchmail: POP3> STLS
fetchmail: POP3< +OK Begin TLS negotiation
fetchmail: Issuer Organization: deevans.net
fetchmail: Issuer CommonName: mail.deevans.net
fetchmail: Server CommonName: mail.deevans.net
fetchmail: mail.deevans.net key fingerprint: 
98:CC:79:88:B4:20:D0:9E:1F:82:17:EB:21:39:55:11
fetchmail: Server certificate verification error: unable to get local issuer 
certificate
fetchmail: Server certificate verification error: unable to verify the first 
certificate

This is the output from the certtool generation.  Perhaps I'm
creating the certificate incorrectly:

Country name (2 chars): US
Organization name: deevans.net
Organizational unit name:
Locality name: Murray
State or province name: UT
Common name: mail.deevans.net
UID:
This field should not be used in new certificates.
E-mail:
Enter the certificate's serial number (decimal):


Activation/Expiration time.
The certificate will expire in (days): 700


Extensions.
Does the certificate belong to an authority? (Y/N): n
Is this a TLS web client certificate? (Y/N): n
Is this also a TLS web server certificate? (Y/N): n
Enter the e-mail of the subject of the certificate: address@hidden
Will the certificate be used for signing (required for TLS)? (Y/N): y
Will the certificate be used for encryption (not required for TLS)? (Y/N): n
Enter the URI of the CRL distribution point:

[Prev in Thread]

Current Thread

[Next in Thread]

[bug-mailutils] pop3d sanity check, D. E. Evans, 2008/07/05
- Re: [bug-mailutils] pop3d sanity check, Sergey Poznyakoff, 2008/07/07
  - Re: [bug-mailutils] pop3d sanity check, D. E. Evans <=

Prev by Date: Re: [bug-mailutils] pop3d sanity check
Next by Date: Re: [bug-mailutils] segfault by movemail with imap
Previous by thread: Re: [bug-mailutils] pop3d sanity check
Next by thread: Re: [bug-mailutils] segfault by movemail with imap
Index(es):
- Date
- Thread