[Techtalk] setting up POP3 over SSL
Katie Bechtold
katie at katie-and-rob.org
Fri Feb 20 16:10:23 EST 2004
I'm trying to set up a POP3 server to tunnel over SSL, and I'm
having some trouble with it. This is a Debian system with stunnel
3.22-1 installed, and qmail-smtpd, qmail-send, and qmail-pop3d
installed as described in www.lifewithqmail.org.

I followed the directions in /usr/share/doc/stunnel/README.Debian:

server# cd /etc/ssl/certs
server# openssl req -new -x509 -nodes -days 365 -out stunnel.pem -keyout stunnel.pem
server# chmod 600 stunnel.pem
server# dd if=/dev/urandom of=temp_file count=2
server# openssl dhparam -rand temp_file 512 >> stunnel.pem
server# ln -sf stunnel.pem `openssl x509 -noout -hash < stunnel.pem`.0

I altered the script that starts up the POP3 daemon:

server# cat /var/qmail/supervise/qmail-pop3d/run
#!/bin/sh
HOSTNAME=`mail.server.com`
exec /usr/local/bin/softlimit -m 2000000 \
/usr/local/bin/tcpserver -vHR -l$HOSTNAME -c20 0 995 \
/usr/sbin/stunnel -p /etc/ssl/certs/stunnel.pem -f -l \
/var/qmail/bin/qmail-popup -- qmail-popup $HOSTNAME \
/bin/checkpassword /var/qmail/bin/qmail-pop3d Maildir 2>&1

I restarted the POP3 daemon and saw that it was listening:

server# netstat -lp | grep pop3s
tcp 0 0 *:pop3s *:* LISTEN 20366/tcpserver

But when I try to connect from a client, I get this error:

client$ openssl s_client -connect mail.server.com:pop3s -state
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:error in SSLv2/v3 read server hello A
write:errno=104

And that's where I'm stumped. Did I omit some crucial step? Any
idea what that SSL error means?

--
Katie Bechtold http://katie-and-rob.org/
You know you've landed gear-up when it takes full power to taxi.
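
Added example, not part of the original message: a shell function that checks a combined stunnel.pem like the one built by the README steps above for its three parts (private key, certificate, DH parameters) and for the chmod 600 permissions. The function names check_stunnel_pem and pem_has are made up for this example; it inspects only PEM headers and the file mode, not the cryptographic validity of the contents.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check a combined
# stunnel PEM file such as the stunnel.pem built by the README steps.

# pem_has FILE REGEX -> success if FILE contains a line matching REGEX
pem_has() {
    grep -Eq -- "$2" "$1"
}

# check_stunnel_pem FILE
# Returns 0 if FILE holds a private key, a certificate and DH parameters
# and is inaccessible to group/other; otherwise prints each problem to
# stderr and returns 1 (2 if the file cannot be read at all).
check_stunnel_pem() {
    pem=$1
    rc=0
    [ -r "$pem" ] || { echo "$pem: cannot read" >&2; return 2; }

    # The key header varies with the OpenSSL version and key type.
    pem_has "$pem" '^-----BEGIN (RSA |EC |DSA )?PRIVATE KEY-----' ||
        { echo "$pem: no private key block" >&2; rc=1; }
    pem_has "$pem" '^-----BEGIN CERTIFICATE-----' ||
        { echo "$pem: no certificate block" >&2; rc=1; }
    pem_has "$pem" '^-----BEGIN DH PARAMETERS-----' ||
        { echo "$pem: no DH parameters block" >&2; rc=1; }

    # An encrypted key needs a passphrase at start-up; the steps use -nodes.
    if pem_has "$pem" '^-----BEGIN ENCRYPTED PRIVATE KEY-----|^Proc-Type: 4,ENCRYPTED'; then
        echo "$pem: private key is passphrase-protected" >&2
        rc=1
    fi

    # The file contains the private key, so group and other get no bits
    # (the chmod 600 step). -L follows a hash symlink to the real file.
    perms=$(ls -lL "$pem" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "$pem: group/other permissions are '$perms'" >&2; rc=1; }

    return $rc
}
```

Source the file and run check_stunnel_pem /etc/ssl/certs/stunnel.pem; a non-zero return lists each failed check on stderr.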