Re: [bug-mailutils] pop3d sanity check
From: Sergey Poznyakoff
Subject: Re: [bug-mailutils] pop3d sanity check
Date: Mon, 07 Jul 2008 23:28:28 +0300

D. E. Evans <address@hidden> wrote:
> /usr/sbin/pop3d -d -p 995 --tls-required --ssl-cert=/etc/ca-cert.pem \
> --ssl-key=/etc/ca-key.pem
[...]
> On fencepost, I then run fetchmail with the following rc entry:
>
> poll mail.deevans.net with proto POP3 user foo there with password "foobar"
> is foo here ssl mda "/usr/sbin/sendmail -oem %T"

The option --tls-required tells pop3d to not allow authentication
prior to receiving the STLS command (RFC 2595, ch. 4) and finishing TLS
negotiation. The initial connection is still expected to be a plaintext
one (albeit on port 995). In contrast, the fetchmail parameter `ssl'
tells it to initiate an encrypted connection at once, without issuing the STLS
command. That's why you get the `unknown protocol' error.

To fix this, do the following:

1. Start pop3d on the usual port (110):

   /usr/sbin/pop3d -d --tls-required --ssl-cert=/etc/ca-cert.pem \
     --ssl-key=/etc/ca-key.pem

2. Use fetchmail's tls1 option:

   poll mail.deevans.net with proto POP3 user foo there with password
   "foobar" is foo here ssl sslproto tls1 mda "/usr/sbin/sendmail -oem %T"

Regards,
Sergey
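
Added example, not part of the original message and not mailutils or fetchmail code: a toy Python model of the mismatch described in this reply, where a listener that expects plaintext followed by STLS meets a client that starts TLS at once. The class and function names, the greeting, the response wording and the sample TLS record header are all constructed; only the command order follows RFC 2595.

```python
# Added illustration: a toy model, not mailutils or fetchmail code.
# Response wording is constructed; only the command order follows RFC 2595.

def first_bytes_kind(data: bytes) -> str:
    """Classify the opening bytes one peer receives from the other."""
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake"          # TLS record: type 22, major version 3
    if data.startswith((b"+OK", b"-ERR")):
        return "pop3-plaintext"         # POP3 status line
    return "unknown"

class StlsOnlyServer:
    """POP3 listener that starts in plaintext and requires STLS before auth."""
    GREETING = b"+OK POP3 ready\r\n"    # constructed greeting

    def __init__(self):
        self.tls_active = False

    def handle(self, line: bytes) -> str:
        if not self.tls_active and first_bytes_kind(line) == "tls-handshake":
            return "-ERR expected a POP3 command, got a TLS handshake"
        words = line.decode("ascii", "replace").split()
        verb = words[0].upper() if words else ""
        if verb == "STLS":
            if self.tls_active:
                return "-ERR TLS already active"
            self.tls_active = True      # a real server runs the handshake here
            return "+OK begin TLS negotiation"
        if verb in ("USER", "PASS", "APOP", "AUTH"):
            if self.tls_active:
                return "+OK"
            return "-ERR TLS required before authentication"
        return "-ERR unsupported in this model"

def run_client(mode: str) -> list:
    """Replay a client in 'implicit' (TLS at once) or 'stls' (upgrade) mode."""
    server, log = StlsOnlyServer(), []
    if mode == "implicit":
        # Client expects a TLS ServerHello but reads the plaintext greeting.
        log.append("client sees " + first_bytes_kind(server.GREETING))
        hello = bytes([0x16, 0x03, 0x01, 0x00, 0x2f])   # constructed record header
        log.append(server.handle(hello))
        return log
    for cmd in (b"USER foo\r\n", b"STLS\r\n", b"USER foo\r\n"):
        log.append(server.handle(cmd))
    return log
```

In the implicit case neither side receives what its parser expects, which is the situation the reply attributes the `unknown protocol' error to; in the STLS case authentication is refused until the upgrade has happened.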