pop3s, stunnel and pop-before-smtp configuration

Hi list,

I have a question about the following problem I'm facing:

I want to use a secure connection to my POP3 service and to be able to send mail via SMTP. To prevent an open-relay mail server I set up pop-before-smtp from http://popbsmtp.sourceforge.net. It is using /var/log/mail to update its IP address database to verify access to SMTP. Now I'm not sure about the right setup in xinetd.conf:

Version 1:

    service pop3s
    {
        disable         = no
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/ipop3d
        server_args     = -s
        log_on_success  += USERID
        log_on_failure  += USERID
    }

Version 2:

    service pop3s
    {
        disable         = no
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/stunnel
        server_args     = -l /usr/sbin/ipop3d
        log_on_success  += USERID
        log_on_failure  += USERID
    }

Version 2 creates only access from 127.0.0.1 in /var/log/mail. This prevents pop-before-smtp from updating its database, but all data is sent via an SSL connection to the server.

Now my questions: Is data in version 1 also sent via SSL, or only some parts like userid and password, or nothing? If nothing is sent via SSL: How to configure stunnel to send the original IP address to /var/log/mail?

Thanks and regards
Michael M. Dienel

---
Michael M. Dienel
DIENtronik
www.dientronik.de
mmdienel@dientronik.de
michael.m.dienel@t-online.de

Hi folks,

On Wed, 2003-01-22 at 18:30, Michael M. Dienel wrote:
> Hi list,
> I have a question about the following problem I'm facing:
> I want to use a secure connection to my POP3 service and to be able to send mail via SMTP. To prevent an open-relay mail server I set up pop-before-smtp from http://popbsmtp.sourceforge.net. It is using /var/log/mail to update its IP address database to verify access to SMTP. Now I'm not sure about the right setup in xinetd.conf: [xinetd.conf]
> Version 2 creates only access from 127.0.0.1 in /var/log/mail. This prevents pop-before-smtp from updating its database, but all data is sent via an SSL connection to the server.
> Now my questions: Is data in version 1 also sent via SSL, or only some parts like userid and password, or nothing? If nothing is sent via SSL: How to configure stunnel to send the original IP address to /var/log/mail?
I don't think so, but: What about using qpopper with built-in SSL/TLS? Then an entry in /var/log/mail looks like:

    Jan 23 09:50:01 pop3host qpopper[9173]: (v4.0.4) TLSv1/SSLv3 handshake with client at pop3host (333.333.333.3); new session-id; cipher: RC4-MD5 (RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 ), 128 bits
    Jan 23 09:50:01 pop3host qpopper[9173]: Stats: user 0 0 3 19971 pop3client 333.333.333.4

Now your popbsmtp should be able to parse these entries.

Greetings
Carsten
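Added example, not part of either post and not pop-before-smtp's own code: a sketch of the log-driven check discussed in this thread, which reads qpopper "Stats:" lines, takes the client address from the last field, and refuses loopback entries such as the 127.0.0.1 ones the stunnel wrapper produces. The field layout is inferred from the sample line in the reply; the function names, the 30-minute window and the sample log (documentation addresses) are assumptions.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Layout inferred from the thread's sample: user, four counters, client host, client IP.
STATS_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+qpopper\[\d+\]:\s+"
    r"Stats:\s+(?P<user>\S+)(?:\s+\d+){4}\s+(?P<host>\S+)\s+(?P<ip>\S+)\s*$"
)
GRACE = timedelta(minutes=30)  # assumed relay window after a successful POP3 login

# Constructed sample log; syslog lines carry no year, so one is supplied below.
SAMPLE_LOG = [
    "Jan 23 09:50:01 pop3host qpopper[9173]: (v4.0.4) TLSv1/SSLv3 handshake "
    "with client at pop3client (192.0.2.10); new session-id; cipher: RC4-MD5",
    "Jan 23 09:50:01 pop3host qpopper[9173]: Stats: alice 0 0 3 19971 pop3client 192.0.2.10",
    "Jan 23 09:55:12 pop3host qpopper[9180]: Stats: bob 0 0 1 2048 localhost 127.0.0.1",
    "Jan 23 08:00:00 pop3host qpopper[9001]: Stats: carol 0 0 0 0 oldclient 198.51.100.7",
]

def parse_stats(line, year=2003):
    """Return (user, ip, timestamp) for a usable Stats line, else None."""
    m = STATS_RE.match(line)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group("ip"))
    except ValueError:
        return None  # malformed or anonymised address: never authorise it
    if ip.is_loopback:
        return None  # wrapper case: the log shows the tunnel, not the real client
    ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    return m.group("user"), str(ip), ts

def relay_table(lines, now):
    """Map each client IP to the time its SMTP relay permission expires."""
    table = {}
    for line in lines:
        parsed = parse_stats(line)
        if parsed is None:
            continue
        _user, ip, ts = parsed
        expires = ts + GRACE
        if expires > now:  # drop logins whose window has already passed
            table[ip] = max(expires, table.get(ip, expires))
    return table

if __name__ == "__main__":
    for ip, until in relay_table(SAMPLE_LOG, datetime(2003, 1, 23, 10, 0, 0)).items():
        print(f"{ip} may relay until {until}")
```

With the Version 2 setup every login would be logged like the `bob` line, so the table stays empty and no client is allowed to relay.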
participants (2)
- Carsten Blume
- Michael M. Dienel