Re: [tpop3d-discuss] tpop3d-1.5.1 and SSL configuration
From: Chris Lightfoot
Subject: Re: [tpop3d-discuss] tpop3d-1.5.1 and SSL configuration
Date: Thu, 21 Aug 2003 11:16:47 +0100
User-agent: Mutt/1.3.24i

On Thu, Aug 21, 2003 at 11:13:09AM +0300, ODHIAMBO Washington wrote:
> * Chris Lightfoot <address@hidden> [20030820 18:07]: wrote:
> > On Wed, Aug 20, 2003 at 05:59:44PM +0300, ODHIAMBO Washington wrote:
> > > listen-address: 62.8.64.4(pop.wananchi.com)
> > > 212.49.74.4(smtp.wananchi.com) 192.168.50.3(mail.wananchi.com)
> > >
> > > I would like to add the same names, but now on SSL port, like
> > >
> > > 62.8.64.4:995;tls=stls,wananchi.crt,wananchikey\
> > > 212.49.74.4:995;tls=stls,wananchi.crt,wananchi.key\
> > > 192.168.50.3:995;tls=stls,wananchicrt,wananchi.key
> >
> > No, should be tls=immediate to negotiate encryption
> > immediately on connection. You could add tls=stls and the
> > certificate names to the normal listen-address
> > specifications too, so that clients can negotiate
> > encryption if they want it.
>
>
> Okay, I am a bit lost, since brackets and even dots have special meanings in
> regexes.
> I am not a programmer though, so bear with me.
> I have tried
>
> listen-address: 62.8.64.4:110/^([a-zA-Z]+\.wananchi\.com)/ \
> 212.49.74.4:110/^([a-zA-Z]+\.wananchi\.com)/ \
> 192.168.50.3:110/^([a-zA-Z]+\.wananchi\.com)/ \
Um. I'm not sure what you're trying to achieve here.

The idea of `mass virtual hosting' and the regexp is that
you say,

    listen-address: 0.0.0.0:100/^pop3\.(.+)$/

on a machine which has lots of interfaces all with IP
addresses mapping to pop3.example.com, pop3.example.org,
.... So when a user connects (say to pop3.example.com)
tpop3d looks up the address to which they've connected,
and applies the regex to it, in the above example getting
`example.com', which it then uses as the address.

In your case, since you're listening on several addresses
with one domain, you don't need to use a regex at all.

>
> Obviously this is wrong somewhere because I get an error. When I test:
>
> ./tpop3d -f ./tpop3d.conf -d -v
>
> I get:
>
> TCP Wrappers support enabled, using daemon name `tpop3d'
> listener_new: bind(62.8.64.4:110): Can't assign requested address
> listener_new: bind(212.49.74.4:110): Can't assign requested address
> listener_new: bind(192.168.50.3:110): Can't assign requested address
> tpop3d.conf: no listen addresses obtained; exiting
>
> That complicates it if I were to add tls=stls also.
That error -- EADDRNOTAVAIL -- typically occurs when
you've tried to listen on an address not available on the
local machine. Check the interfaces with ifconfig.
> Any help with a complete syntax for listen-address: that also has tls
> support???
The above should work, modulo the error.
> > > Secondly, I would like to try the bulletin thingie, and so I have added:
> > >
> > > onlogin-child-wait: true
> > > auth-perl-enable: true
> > > auth-perl-start: do '/usr/local/etc/tpop3d/bulletins.pl';
> > >
> > > Would this suffice to achieve the desired result (config-wise)??
> >
> > Almost. You need to add an
> > auth-perl-onlogin: name_of_function
> > statement so that tpop3d actually runs the bulletins
> > function at login time.
>
>
> Hang on.. since I do not use auth-perl to authenticate users, does it
> mean that I require only three directives to run the bulletins, viz:
>
> onlogin-child-wait: true
> auth-perl-enable: true
> auth-perl-onlogin: do '/usr/local/etc/tpop3d/bulletins.pl';
No.

    onlogin-child-wait: true
    auth-perl-enable: true # but no apop or pass handler
    auth-perl-start: do '/usr/local/etc/tpop3d/bulletins.pl';
    auth-perl-onlogin: deliver_bulletins # or whatever the subroutine is called

>
> We use auth-pam and auth-mysql for users. I only want to run the bulletins
> stuff and that is why auth-perl is coming into the mix.
auth-perl is only needed so that you get the perl
interpreter. When I implemented onlogin support, this
seemed the neatest way to do it. See
README.POP-before-SMTP for more information.
--
``I shouldn't say `I don't think so,' although that's what I think.''
(Donald Rumsfeld)
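
Added example, not part of the original message or of tpop3d: a small Python check for the bind() failure discussed above, which tests each address before it goes into listen-address and names the errno that bind() returns. The `probe` and `diagnose` helpers and the sample endpoints are constructed for illustration; it takes plain `ip:port` strings and does not parse tpop3d's configuration syntax.

```python
import errno
import socket

# Meaning of the errno values bind() most commonly returns for a listener.
MEANING = {
    "EADDRNOTAVAIL": "address is not configured on any local interface",
    "EADDRINUSE": "another process is already bound to this address and port",
    "EACCES": "insufficient privilege to bind this port (ports below 1024)",
}


def probe(addr, port):
    """Bind a TCP socket to addr:port; return 'ok' or the errno name."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.bind((addr, port))
        return "ok"
    except OSError as exc:
        return errno.errorcode.get(exc.errno, "errno %s" % exc.errno)
    finally:
        sock.close()


def diagnose(endpoints):
    """Check 'ip:port' strings; return {endpoint: (address_result, port_result)}."""
    report = {}
    for endpoint in endpoints:
        addr, _, port = endpoint.rpartition(":")
        # Port 0 lets the kernel pick any free port, so this step answers only
        # "is the address local?", independent of port conflicts or privilege.
        address_result = probe(addr, 0)
        # Try the real port only when the address itself is usable.
        port_result = probe(addr, int(port)) if address_result == "ok" else None
        report[endpoint] = (address_result, port_result)
    return report


if __name__ == "__main__":
    # Constructed sample: loopback, plus 192.0.2.1 from the range reserved for
    # documentation, which is normally not assigned to any interface.
    for endpoint, (addr_res, port_res) in diagnose(
        ["127.0.0.1:0", "192.0.2.1:110"]
    ).items():
        result = addr_res if addr_res != "ok" else port_res
        print(endpoint, result, MEANING.get(result, ""))
```

Run it on the mail host itself with the addresses from the configuration; an endpoint reported as EADDRNOTAVAIL is one the daemon cannot listen on until the address is assigned to an interface.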