QPopper: Unterschied zwischen den Versionen
Keine Bearbeitungszusammenfassung |
Keine Bearbeitungszusammenfassung |
||
Zeile 1: | Zeile 1: | ||
This how to explains how to setup qpopper (pop3) with ssl encryption to securely download emails from your pop3. (JT:I used 1b) | This how to explains how to setup qpopper (pop3) with ssl encryption to securely download emails from your pop3. ('''JT:I used 1b''') | ||
This howto strictly depends on you having a base knowledge of qpopper and OpenSSL in general, it does not guide the install of either, only the setup between the two. But lets be sure you've compiled qpopper with ssl support? ;) | This howto strictly depends on you having a base knowledge of qpopper and OpenSSL in general, it does not guide the install of either, only the setup between the two. But lets be sure you've compiled qpopper with ssl support? ;) | ||
==Setup== | |||
First create a place to store your openssl keys safely | First create a place to store your openssl keys safely | ||
Zeile 27: | Zeile 28: | ||
</pre> | </pre> | ||
==Selfsigned/Real Certificate/ | |||
if you dont want to send your cert in, to pay for a real CA to sign it do NOT do this step right now follow 1b. below this 1a. | if you dont want to send your cert in, to pay for a real CA to sign it do NOT do this step right now follow 1b. below this 1a. | ||
Zeile 43: | Zeile 45: | ||
now you can <pre>cat signed-req.pem >> /etc/mail/certs/cert.pem</pre> | now you can <pre>cat signed-req.pem >> /etc/mail/certs/cert.pem</pre> | ||
==Configuration== | |||
next we configure /etc/qpopper.conf , you may place this anywhere you like in your system inside of it there are a few options to adjust inside. | next we configure /etc/qpopper.conf , you may place this anywhere you like in your system inside of it there are a few options to adjust inside. | ||
they are as follows. (set tls-support) can also be "stls". | they are as follows. (set tls-support) can also be "stls". | ||
Zeile 55: | Zeile 57: | ||
set log-facility = mail | set log-facility = mail | ||
set shy = true | set shy = true | ||
set downcase-user = true | |||
set server-mode = true | |||
</pre> | </pre> | ||
to wrap things up | to wrap things up | ||
==Inetd== | |||
Use the -f config-file-path command-line option to tell Qpopper to | Use the -f config-file-path command-line option to tell Qpopper to | ||
read the configuration file. a sample inetd line is below: | read the configuration file. a sample inetd line is below: | ||
Zeile 73: | Zeile 78: | ||
taken from http://www.defcon1.org/html/Security/Qpop-SSL/qpop-ssl.html | taken from http://www.defcon1.org/html/Security/Qpop-SSL/qpop-ssl.html | ||
[[Category:QPopper]] | [[Category:QPopper]] | ||
[[Category:Mail] | [[Category:Mail] | ||
[[Category:pop3]] | [[Category:pop3]] |
Version vom 29. Dezember 2005, 03:14 Uhr
This how to explains how to setup qpopper (pop3) with ssl encryption to securely download emails from your pop3. (JT:I used 1b)
This howto strictly depends on you having a base knowledge of qpopper and OpenSSL in general, it does not guide the install of either, only the setup between the two. But lets be sure you've compiled qpopper with ssl support? ;)
Setup
First create a place to store your openssl keys safely
mkdir -p -m665 /etc/mail/certs chown root:mail /etc/mail/certs chmod 660 /etc/mail/certs
Use openssl to create a public-private key pair and a certificate signing request (csa).
openssl req -new -nodes -out req.pem -keyout /etc/mail/certs/cert.pem
(follow questions it asks after this command is used and fill the options in completely)
next,
chmod 600 /etc/mail/certs/cert.pem chown root:0 /etc/mail/certs/cert.pem
==Selfsigned/Real Certificate/ if you dont want to send your cert in, to pay for a real CA to sign it do NOT do this step right now follow 1b. below this 1a.
1a. send the certificate signing request (file req.pem) to your Certificate Authority for signing. You will receive back a signed request. Assuming this signed request is in a file called signed_req.pem, concatenate it to the private key generated earlier:
cat signed-req.pem >> /etc/mail/certs/cert.pem
1b. if you want to sign your own and be your own CA from above to avoid sending it to a Certificate Authority do the following. AFTER you have done the above up to the cat signed-req, which will be done the following 3.
openssl genrsa -des3 -out ca.key 1024 openssl req -new -x509 -days 365 -key ca.key -out ca.crt openssl x509 -req -CA ca.crt -CAkey ca.key -days 365 -in req.pem -out signed-req.pem -CAcreateserial
now you can
cat signed-req.pem >> /etc/mail/certs/cert.pem
Configuration
next we configure /etc/qpopper.conf , you may place this anywhere you like in your system inside of it there are a few options to adjust inside. they are as follows. (set tls-support) can also be "stls".
set clear-text-password = tls set tls-support = alternate-port set tls-version = default set tls-server-cert-file = /etc/mail/certs/cert.pem set UW-kluge = true set log-facility = mail set shy = true set downcase-user = true set server-mode = true
to wrap things up
Inetd
Use the -f config-file-path command-line option to tell Qpopper to read the configuration file. a sample inetd line is below:
pop3s stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.qpopper -f /etc/qpopper.conf
(of course making sure pop3s is inside of your /etc/services as --> pop3s 995/tcp
if using inetd, killall -HUP inetd, and you should be all set.
taken from http://www.defcon1.org/html/Security/Qpop-SSL/qpop-ssl.html
[[Category:Mail]