Friday September 10 , 2010
Text Size
   



Enabling qmail-pop3dssl (optional)

Bill

PDFPrintE-mail

Apr 02 |18:27 pm
Last Updated on Thursday, 13 March 2008 07:37
Updated 3/13/08: Added a section to remove the pop3 scripts from /usr/local/etc/rc.d

Basically you will want to use qmail-pop3dssl if you want a completely secure setup which includes smtp and pop3 ssl or tls. This section will cover installing pop3d via ssl.

First lets get the scripts copied over:


# cd /var/qmail/supervise/
# mkdir -m 1755 qmail-pop3dssl
# cd qmail-pop3dssl
# fetch http://freebsdrocks.net/files/service-pop3ssl-run
# mv service-pop3ssl-run run
# chmod 755 run
# mkdir -m 1755 log
# cd log
# fetch http://freebsdrocks.net/files/service-any-log-run
# mv service-any-log-run run
# chmod 755 run

Create the pop3d-ssl cert by running the following command:


# cd /usr/local/share/courier-imap
# openssl req -new -x509 -nodes -out pop3d.pem -keyout pop3d.pem -days 3650

When you run this command, It is going to ask you a series of questions. it will ask you for the Country, City or Province, Locality, and Organization name all of which are optional.  The next thing it will ask you is very important which is the common name. This will be the name people will be putting into their pop3d ssl server name. For instance, If all your users type pop3.ssl.server into their pop3 server name, then thats what you will want to put into the Common name. If you don't, your users will get a nag screen everytime they open up their mail client which can cause confusion and often upset users.

Now to copy a new conf files:


# cd /usr/local/etc/courier-imap
# cp pop3d.cnf.dist pop3d.cnf
# cp pop3d-ssl.dist pop3d-ssl

Modify /usr/local/etc/courier-imap/pop3d-ssl so it includes the below lines:


POP3DSSLSTART=YES
TLS_CERTFILE=/usr/local/share/courier-imap/pop3d.pem 

Now lets start the service:


# ln -s /var/qmail/supervise/qmail-pop3dssl /service/qmail-pop3dssl

Now if you run:


# svstat /service/qmail-pop3dssl /service/qmail-pop3dssl/log

You should get something like:


/service/qmail-pop3dssl: up (pid 26984) 156 seconds
/service/qmail-pop3dssl/log: up (pid 26711) 323 seconds

You're done! POP3D-SSL is setup and ready!

Now lets remove the 2 startups scripts in /usr/local/etc/rc.d:


# rm /usr/local/etc/rc.d/courier-imap-pop3d
# rm /usr/local/etc/rc.d/courier-imap-pop3d-ssl

 

< Prev   Next >