[prev in list] [next in list] [prev in thread] [next in thread] 

List:       mandrake-security-discuss
Subject:    Re: [Security Discuss] Any one know of a way to run pop3 over ssl?
From:       "Ken Mausey" <ken () mausey ! net>
Date:       2001-08-01 21:20:19
[Download RAW message or body]

I will have to look into that. Sounds like it is a better way.

Ken Mausey

----- Original Message -----
From: "Buchan Milne" <bgmilne@cae.co.za>
To: <security-discuss@linux-mandrake.com>
Sent: Wednesday, August 01, 2001 1:14 PM
Subject: Re: [Security Discuss] Any one know of a way to run pop3 over ssl?


> The commands work fine (used it myself the first few times), but it is
> much more convenient to have your users import one CA cert, and sign all
> yuor other certs with it. I prefer not to have users get into the habit
> of clicking yes,yes,yes, when they see a new cert ... I have made new
> certs for our mail server (imaps and pop3s), webmail server (apache) all
> webmin servers (3), our mandrake firewall, our single Windows 2000
> servers webserver (don't ask ...) and a few other things ....
>
>
> Buchan
>
>
> Ken Mausey wrote:
>
> >The way that I generate certs for pop3s and imaps is the commands....
> >
> >cd /usr/lib/ssl/certs
> >
> >openssl req -new -x509 -nodes -out server.pem -keyout server.pem -days
365
> >(This is all on one line)
> >
> >Notes: The key is not password protected, so protect it or the server
might
> >be compromised. The common name it will ask you for should be the SAME as
> >the name you put in the mail program ie. 192.168.0.1 or whatever. If you
use
> >the DNS name for access, use it ie. mail.myserver.net, otherwise it will
> >complain to you everytime you connect.
> >
> >As below, this file should be re-named (That is the server.pem file) to
the
> >names below, copied to the location below. Buchan is right on as usual, I
> >just offer this as extra info. Server.pem will work for both of these
files
> >below, you just name it both names. (I hope that poor explaination is
easily
> >understood) This all works slick in Mandrake 8, assuming you have both
> >services activated in the xinetd config file for each. You also must have
> >xinetd running. Checking the syslog after `service xinetd stop` and
`service
> >xinetd start` should show that it was running and you stopped it, then
show
> >it starting back up with the xinetd services you have activated.
> >
> >Ken Mausey
> >
> >
> >----- Original Message -----
> >From: "Buchan Milne" <bgmilne@cae.co.za>
> >To: <security-discuss@mandrax.org>
> >Sent: Tuesday, July 31, 2001 6:44 AM
> >Subject: Re: [Security Discuss] Any one know of a way to run pop3 over
ssl?
> >
> >
> >>James Sparenberg wrote:
> >>
> >>>All,
> >>>  First thanks in advance for your help.  I've been lurking for a while
> >>>
> >and have never failed to learn something from all of you.  My question is
> >trying to setup both Linux-Mandrake and Windwos (yep some of our board
still
> >uses it. *sigh*) to grab e-mail using spop3 instead of pop3.  Any tips on
> >HowTo's etc would be great. I've been trying to get stunnel to work but
I've
> >found that I have 4 howto's and none of them seems to work.  Again thanks
> >for the information.
> >
> >>>James Sparenberg
> >>>
> >>imap2000 (as shipped with Mandrake 8.0) has built in support (via
> >>openssl) for pop3s and imaps. You just need to generate yourself a cert,
> >>and place it in
> >>/usr/share/ssl/certs/imapsd.pem (IMAP)
> >>or
> >>/usr/share/ssl/certs/ipop3sd.pem (POP)
> >>
> >>I would suggest using the CA scripts available at
> >>http://www.openssl.org/contrib (make a ca cert, which you import on all
> >>machines, and then sign all certs with the ca cert)
> >>
> >>You might also want to check your /etc/xinet.d/imaps and
> >>/etc/xinet.d/pop3s files, and your hosts.allow
> >>
> >>Buchan
> >>
> >>--
> >>|----------------Registered Linux User #182071-----------------|
> >>Buchan Milne                Mechanical Engineer, Network Manager
> >>Cellphone * Work               +27 82 472 2231 * +27 21 808 2497
> >>Stellenbosch Automotive Engineering         http://www.cae.co.za
> >>
> >>
> >>
> >
>
>
> --
> |----------------Registered Linux User #182071-----------------|
> Buchan Milne                Mechanical Engineer, Network Manager
> Cellphone * Work               +27 82 472 2231 * +27 21 808 2497
> Stellenbosch Automotive Engineering         http://www.cae.co.za
>
>
>

[prev in list] [next in list] [prev in thread] [next in thread]