Hello and first of all a "Happy new year 2022!"
In advance: I already use another solution (postfix+dovecot+pigeonhole).
But for special reasons I have to set up the sendmail+spamassassin + qpopper - scenario for a few weeks on a special machine.
Among other things, I used the following instructions as a guide for configuring qpopper with SSL/TLS:
I have already tried for several hours today to set up qpopper so that an SSL connection can be used from the email client via port 995. For TLS/SSL I use Let's Encrypt certificates!
Unfortunately unsuccessful so far (see error messages below, with strange symbols/characters).
In contrast, sendmail-smtp-auth with TLS works fine.
I'm just not getting anywhere here. Have I included the wrong certificate?
I think I read somewhere a while ago that you have to merge two certificates into a single file for qpopper.
Obviously the problem has to do with the SSL version number 3, if you have a look at the openssl connection attempt below.
I would be happy if someone could help me.
Thanks in advance and kind regards
Sidney2017
I also tried "set tls-support = stls"
Qpop-SSL
www.defcon1.org
/var/log/messages
Code:
Jan 1 12:49:17 MyDomain qpopper[40447]: (null) at dslb-XXX-XXX-XXX-XXX.088.064.pools.tcom-ip.de (X.X.X.X): -ERR Unknown command: "^V^C^A".
Jan 1 12:49:17 MyDomain qpopper[40447]: (null) at dslb-XXX-XXX-XXX-XXX.088.064.pools.tcom-ip.de (X.X.X.X): -ERR Unknown command: "▒".
Jan 1 12:49:17 MyDomain qpopper[40447]: (null) at dslb-XXX-XXX-XXX-XXX.088.064.pools.tcom-ip.de (X.X.X.X): -ERR POP EOF or I/O Error
Jan 1 12:49:17 MyDomain qpopper[40447]: I/O error flushing output to client at dslb-XXX-XXX-XXX-XXX.088.064.pools.tcom-ip.de [X.X.X.X]: Operation not permitted (1)
Certbot certificates shows:
Code:
Certificate Name: MyDomain.tld
Serial Number: 4884fXXXXXXX94dd8a6b77ee31def515a5
Key Type: RSA
Domains: MyDomain.tld imap.MyDomain.tld mail.MyDomain.tld smtp.MyDomain.tld www.MyDomain.tld
Expiry Date: 2022-03-31 15:50:21+00:00 (VALID: 89 days)
Certificate Path: /usr/local/etc/letsencrypt/live/MyDomain.tld/fullchain.pem
Private Key Path: /usr/local/etc/letsencrypt/live/MyDomain.tld/privkey.pem
Additionally, the following files exist:
Code:
/usr/local/etc/letsencrypt/live/MyDomain.tld/chain.pem
/usr/local/etc/letsencrypt/live/MyDomain.tld/cert.pem
/etc/services
Code:
# pop3 protocol over TLS/SSL
pop3s 995/tcp spop3
pop3s 995/udp spop3
/etc/inetd.conf
Code:
pop3 stream tcp nowait root /usr/local/libexec/qpopper qpopper -s
pop3s stream tcp nowait root /usr/local/libexec/qpopper qpopper -s -f /etc/mail/pop/qpopper.config
qpopper.config
Code:
set tls-support = alternate-port
set tls-version = default
set tls-server-cert-file = /usr/local/etc/letsencrypt/live/MyDomain.tld/cert.pem
rc.conf
Code:
firewall_myservices="22/tcp 25/tcp 80/tcp 110/tcp 443/tcp 587/tcp 993/tcp 995/tcp 4190/tcp 10000/tcp 11332/tcp 11334/tcp 20000/tcp"
telnet localhost 995
Code:
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK Qpopper (version 4.1.0) at MyDomain.tld starting. <41371.1641040644@MyDomain.tld>
openssl s_client -connect localhost:995
Code:
CONNECTED(00000004)
34374492160:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:/usr/src/crypto/openssl/ssl/record/ssl3_record.c:358:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 293 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
pkg info qpopper
Code:
qpopper-4.1.0_6
Name : qpopper
Version : 4.1.0_6
Installed on : Tue Dec 28 12:23:44 2021 CET
Origin : mail/qpopper
Architecture : FreeBSD:13:amd64
Prefix : /usr/local
Categories : mail
Licenses : QUALCOMM
Maintainer : eugen@FreeBSD.org
WWW : http://www.eudora.com/products/unsupported/qpopper/
Comment : Berkeley POP 3 server (now maintained by Qualcomm)
Options :
APOP : on
APOP_ONLY : off
DOCUMENTATION : off
FULL_POPD_DEBUG: off
OPENSSL : on
PAM : off
POPPASSD : off
SAMPLE_POPUSERS: off
SHY_ENABLED : off
STANDALONE_MODE: off
U_OPTION : on
Annotations :
FreeBSD_version: 1300139
cpe : cpe:2.3:a:qualcomm:qpopper:4.1.0:::::freebsd13:x64:6
repo_type : binary
repository : FreeBSD
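Added example (not part of the original post and not qpopper code): a Python check that reads the symptoms above as bytes on the wire. It decodes the `^V^C^A` "command" from the qpopper log into a TLS record header, and parses the first five bytes of the cleartext `+OK` banner the way a TLS client would. The log line and banner are constructed from the post with forum markup removed, and all function names are hypothetical.

```python
import re

def decode_caret(text):
    """Turn caret notation as seen in the log (^V -> 0x16) back into bytes."""
    out, i = bytearray(), 0
    while i < len(text):
        if text[i] == "^" and i + 1 < len(text) and "@" <= text[i + 1] <= "_":
            out.append(ord(text[i + 1]) - 64)
            i += 2
        else:
            out += text[i].encode("utf-8")
            i += 1
    return bytes(out)

def looks_like_tls_hello(data):
    """True if data starts like a TLS handshake record: 0x16, 0x03, minor 0-4."""
    return len(data) >= 3 and data[0] == 0x16 and data[1] == 3 and data[2] <= 4

def tls_in_pop_log(line):
    """Flag an 'Unknown command' entry whose 'command' is a TLS record header."""
    m = re.search(r'-ERR Unknown command: "(.*)"\.', line)
    return bool(m) and looks_like_tls_hello(decode_caret(m.group(1)))

def as_tls_header(first5):
    """Parse 5 bytes as a TLS record header: (type, version, length)."""
    return first5[0], (first5[1] << 8) | first5[2], (first5[3] << 8) | first5[4]

def diagnose(log_line, banner):
    """Combine the server log and the banner seen on the POP3S port."""
    if len(banner) < 5:
        return "inconclusive"
    _, version, _ = as_tls_header(banner[:5])
    # A POP3 greeting before any handshake means the listener is not doing
    # implicit TLS; its bytes cannot carry TLS major version 3.
    cleartext = banner.startswith(b"+OK") and version >> 8 != 3
    if cleartext and tls_in_pop_log(log_line):
        return "cleartext POP3 listener received a TLS ClientHello"
    return "cleartext POP3 banner" if cleartext else "inconclusive"

# Constructed sample input, taken from the post with hostnames shortened.
LOG = ('Jan 1 12:49:17 MyDomain qpopper[40447]: (null) at host (X.X.X.X): '
       '-ERR Unknown command: "^V^C^A".')
BANNER = b"+OK Qpopper (version 4.1.0) at MyDomain.tld starting."

if __name__ == "__main__":
    print(decode_caret("^V^C^A").hex())
    print([hex(v) for v in as_tls_header(BANNER[:5])])
    print(diagnose(LOG, BANNER))
```

The five bytes `+OK Q` parse as record version 0x4f4b, which matches the "read 5 bytes" and "wrong version number" lines in the `openssl s_client` output.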