From owner-freebsd-questions@FreeBSD.ORG Tue Jul 13 01:48:45 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CE44C16A4CE for ; Tue, 13 Jul 2004 01:48:45 +0000 (GMT) Received: from grog.secure-computing.net (grog.secure-computing.net [63.228.14.241]) by mx1.FreeBSD.org (Postfix) with ESMTP id 706BB43D53 for ; Tue, 13 Jul 2004 01:48:45 +0000 (GMT) (envelope-from ecrist@secure-computing.net) Received: from [192.168.1.100] (nat-server.secure-computing.net [63.228.14.245]) (authenticated bits=0)i6D1mVBb011824; Mon, 12 Jul 2004 20:48:32 -0500 (CDT) (envelope-from ecrist@secure-computing.net) From: Eric Crist Organization: Secure Computing Networks To: freebsd-questions@freebsd.org Date: Mon, 12 Jul 2004 20:52:34 -0500 User-Agent: KMail/1.6.2 References: <200407121801.34698.ecrist@secure-computing.net> <200407121816.01713.racerx@makeworld.com> <8736B03E-D45B-11D8-A27F-000393681B06@lafn.org> In-Reply-To: <8736B03E-D45B-11D8-A27F-000393681B06@lafn.org> MIME-Version: 1.0 Content-Disposition: inline Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <200407122052.34384.ecrist@secure-computing.net> X-Virus-Scanned: clamd / ClamAV version 0.72, clamav-milter version 0.72 on grog.secure-computing.net X-Virus-Status: Clean Subject: Re: pop3s server? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: ecrist@secure-computing.net List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Jul 2004 01:48:46 -0000 On Monday 12 July 2004 18:30, Doug Hardie wrote: > On Jul 12, 2004, at 16:16, Chris wrote: > > On Monday 12 July 2004 06:01 pm, Eric Crist wrote: > >> What can I use as a secure (SSL) pop3 server. I'm trying to > >> eliminate all > >> instances of passwords being transmitted to my network unencrypted. > >> Mail > >> is all that is left. I want to setup pop as a secure service, before > >> I > >> worry about fighting with sendmail and SSL. > > > > qpopper offers both SSL and APOP options. > > I use qpopper with SSL quite successfully. Its straight forward to > setup. However, getting the clients to work with that protocol can be > quite difficult. Eudora in particular has a broken TSL implementation > so you have to disable TSL and let it default to SSL before it will > work. Ok. Ignore my previous messages. I've got TSL working, but APOP is not working, even though the server says it supports it. I get an error about some DB not existing. Any ideas? Also, I followed the previously listed example to create a certificate. How do I use my existing web certificates? I think they're separate cert/key files. Do I need to combine these? Is it better to make a second cert/key for my mail server, only sign it with my CA cert? I've created my own CA that my users trust, I just don't do this often enough to remember the process. Almost there with this part! TIA -- Eric F Crist Keep your pecker hard and your powder dry, and the world WILL turn.