Has anyone implemented TLS on SuSE? Failing that I need to be able to do SMTP after POP to auth the connection.
From http://www.suse.de/en/produkte/solutions/imap2/features.html it looks like the SuSE email server II supports it, but I can't seem to find any info about it on normal SuSE Pro.
Has anyone done this? I have found some sites like
http://mail.cc.umanitoba.ca/drac/pop.html
http://www.sendmail.org/~ca/email/starttls.html
But, I would prefer not to recompile lots of stuff if I don't have to..
Cheers
---
Nix - nix@susesecurity.com
http://www.susesecurity.com
* Nix wrote on Thu, Feb 22, 2001 at 11:16 +1100:
Has anyone implemented TLS on SuSE?
I use stunnel for wrapping SMTP and IMAP which works well. I just tested SMTP via SSL with Netscape (some simple mails only), but with nothing special (no client certs or similar). Installing stunnel went fast, it worked out of the box, the FAQ (or README or similar) describes wrapping SMTP and IMAP, and it worked at first try.
oki, Steffen
--
This message was generated by machine and therefore bears neither signature nor seal.
At 10:30 PM 22/02/2001, you wrote:
* Nix wrote on Thu, Feb 22, 2001 at 11:16 +1100:
Has anyone implemented TLS on SuSE?
I use stunnel for wrapping SMTP and IMAP which works well. I just tested SMTP via SSL with Netscape (some simple mails only), but with nothing special (no client certs or similar).
Installing stunnel went fast, it worked out of the box, the FAQ (or README or similar) describes wrapping SMTP and IMAP, and it worked at first try.
Yeah, but there is no longer a port to "wrap" smtp with, it now has to be negotiated as part of the esmtp startup :-( I have already used ssl-wrap (Thanks for including that in the Distro SuSE) to wrap pop and imap, but I need a way to do it with smtp. I guess I'll just have to go play. Sendmail now supports it, but I'm not sure if the suse rpm has that option enabled.. Guess I'll find out tomorrow.. Cheers --- Nix - nix@susesecurity.com http://www.susesecurity.com
* Nix wrote on Thu, Feb 22, 2001 at 23:01 +1100:
At 10:30 PM 22/02/2001, Steffen Dettmer wrote:
Installing stunnel went fast, it worked out of the box, the FAQ (or README or similar) describes wrapping SMTP and IMAP, and it worked at first try.
Yeah, but there is no longer a port to "wrap" smtp with, it now has to be negotiated as part of the esmtp startup :-(
I don't understand what you mean, sorry. Yes, SMTP over SSL is not only wrapped SMTP, and stunnel knows a command line switch to do those additional actions, so stunnel is usable for SMTP, i.e.:
{ /usr/local/sbin/stunnel -d smtp \
    -p /root/office.pem \
    -n smtp \
    -l /var/qmail/bin/tcp-env \
    tcp-env /var/qmail/bin/qmail-smtpd \
    2>&1 | /var/qmail/bin/splogger smtpds 3 ; } &
(example for qmail with tcp-env. The stunnel gets the original command as command-line parameter)
I have already used ssl-wrap (Thanks for including that in the Distro SuSE) to wrap pop and imap, but I need a way to do it
Sorry, I don't know that.
with smtp. I guess I'll just have to go play. Sendmail now supports it,
I cannot help you, I switched from sendmail to qmail already :)
oki, Steffen
--
This message was generated by machine and therefore bears neither signature nor seal.
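Added example, not part of the original thread and not stunnel's own code: the server side of the plaintext ESMTP exchange that has to happen before the TLS handshake when TLS is negotiated in-band (STARTTLS, RFC 3207) instead of wrapped on a dedicated port. The host name, reply texts and the run() helper with its client lines are constructed for illustration.

```python
import io

def negotiate_starttls(rfile, wfile, hostname="mail.example.test"):
    """Server side of the plaintext ESMTP preamble (RFC 3207).

    Returns True once the client sent STARTTLS and received the 220
    go-ahead; the caller then runs the TLS handshake on the same socket.
    Returns False if the client quit or disconnected first.
    """
    def send(line):
        wfile.write(line.encode("ascii") + b"\r\n")

    send(f"220 {hostname} ESMTP")
    while True:
        raw = rfile.readline()
        if not raw:                      # client disconnected
            return False
        parts = raw.decode("ascii", "replace").strip().split(None, 1)
        verb = parts[0].upper() if parts else ""
        if verb == "EHLO":
            send(f"250-{hostname}")
            send("250 STARTTLS")         # the capability a wrapped port never shows
        elif verb == "HELO":
            send(f"250 {hostname}")
        elif verb == "STARTTLS":
            if len(parts) > 1:           # RFC 3207: the command takes no parameters
                send("501 Syntax error (no parameters allowed)")
                continue
            send("220 Ready to start TLS")
            return True
        elif verb in ("NOOP", "RSET"):
            send("250 OK")
        elif verb == "QUIT":
            send(f"221 {hostname} closing connection")
            return False
        else:                            # no mail transaction in cleartext
            send("530 Must issue a STARTTLS command first")

def run(client_lines):
    """Feed constructed client lines through the preamble; return (ok, replies)."""
    rfile = io.BytesIO("".join(l + "\r\n" for l in client_lines).encode("ascii"))
    wfile = io.BytesIO()
    ok = negotiate_starttls(rfile, wfile)
    return ok, wfile.getvalue().decode("ascii").splitlines()
```

After a True result the caller starts the TLS handshake on the same socket, must not process any plaintext still buffered from before the handshake, and the client sends EHLO again inside TLS.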
At 01:18 AM 23/02/2001, you wrote:
Yes, SMTP over SSL is not only wrapped SMTP, and stunnel knows a command line switch to do those additional actions, so stunnel is usable for SMTP, i.e.:
{ /usr/local/sbin/stunnel -d smtp \
    -p /root/office.pem \
    -n smtp \
    -l /var/qmail/bin/tcp-env \
    tcp-env /var/qmail/bin/qmail-smtpd \
    2>&1 | /var/qmail/bin/splogger smtpds 3 ; } &
(example for qmail with tcp-env. The stunnel gets the original command as command-line parameter)
Correct me if I'm wrong, but this will not work for Netscape 4.5 and above, also you will lose all relay protection... --- Nix - nix@susesecurity.com http://www.susesecurity.com
* Nix wrote on Fri, Feb 23, 2001 at 10:52 +1100:
At 01:18 AM 23/02/2001, you wrote:
{ /usr/local/sbin/stunnel -d smtp \
    -p /root/office.pem \
    -n smtp \
    -l /var/qmail/bin/tcp-env \
    tcp-env /var/qmail/bin/qmail-smtpd \
    2>&1 | /var/qmail/bin/splogger smtpds 3 ; } &
Correct me if I'm wrong, but this will not work for Netscape 4.5 and above,
I think I tried it with the SuSE 7.0 default Netscape which is 4.72 IIRC.
also you will lose all relay protection...
I haven't tested this explicitly, but why should this happen?
oki, Steffen
--
This message was generated by machine and therefore bears neither signature nor seal.
On Fri, 23 Feb 2001, Steffen Dettmer wrote:
* Nix wrote on Fri, Feb 23, 2001 at 10:52 +1100:
At 01:18 AM 23/02/2001, you wrote:
{ /usr/local/sbin/stunnel -d smtp \
    -p /root/office.pem \
    -n smtp \
    -l /var/qmail/bin/tcp-env \
    tcp-env /var/qmail/bin/qmail-smtpd \
    2>&1 | /var/qmail/bin/splogger smtpds 3 ; } &
Correct me if I'm wrong, but this will not work for Netscape 4.5 and above,
I think I tried it with the SuSE 7.0 default Netscape which is 4.72 IIRC.
Has worked here for a long time, but with transparent proxy and redirect to :25 (sendmail is listening on this port, SMTP AUTH via SASL)
also you will lose all relay protection...
If you use transparent proxy mode (-t), the real client IP will be propagated.
Bye
Andre'
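Added example, not part of the original thread: the relay-protection point above as a runnable model, assuming an MTA that relays by client IP and a TLS wrapper on the same host that connects on to the MTA's port 25 (as in Andre's setup). The networks, domains and function names are constructed for illustration.

```python
import ipaddress

# Constructed policy: relay for loopback and one internal network only.
RELAY_NETS = [ipaddress.ip_network("127.0.0.0/8"),
              ipaddress.ip_network("192.0.2.0/24")]
LOCAL_DOMAINS = {"example.test"}

def seen_by_mta(client_ip, via_wrapper, transparent=False):
    """Peer address the MTA observes for a given connection path."""
    if via_wrapper and not transparent:
        # The wrapper terminates TLS and opens its own connection to :25,
        # so every client appears to come from the local host.
        return "127.0.0.1"
    # Direct connection, or wrapper in transparent proxy mode.
    return client_ip

def relay_decision(peer_ip, rcpt, authenticated=False):
    """Return 'deliver', 'relay' or 'reject' for one RCPT TO address."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    if domain in LOCAL_DOMAINS:
        return "deliver"                 # mail for our own users
    if authenticated:
        return "relay"                   # SMTP AUTH does not depend on the IP
    ip = ipaddress.ip_address(peer_ip)
    if any(ip in net for net in RELAY_NETS):
        return "relay"
    return "reject"

def outcome(client_ip, rcpt, via_wrapper, transparent=False, authenticated=False):
    """Decision the MTA reaches for a client arriving over the given path."""
    peer = seen_by_mta(client_ip, via_wrapper, transparent)
    return relay_decision(peer, rcpt, authenticated)
```

With an outside client (203.0.113.7) sending to an outside domain, outcome() gives "reject" directly, "relay" through the non-transparent wrapper, and "reject" again in transparent mode; SMTP AUTH gives "relay" on any path.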
participants (3): andre.breiler@informatik.tu-chemnitz.de, Nix, Steffen Dettmer