[tpop3d-discuss] tpop3d-1.5.1 and SSL configuration
chris at ex-parrot.com
Thu, 21 Aug 2003 11:16:47 +0100
On Thu, Aug 21, 2003 at 11:13:09AM +0300, ODHIAMBO Washington wrote:
> * Chris Lightfoot <firstname.lastname@example.org> [20030820 18:07]: wrote:
> > On Wed, Aug 20, 2003 at 05:59:44PM +0300, ODHIAMBO Washington wrote:
> > > listen-address: 22.214.171.124(pop.wananchi.com) 126.96.36.199(smtp.wananchi.com) 192.168.50.3(mail.wananchi.com)
> > >
> > > I would like to add the same names, but now on SSL port, like
> > >
> > > 188.8.131.52:995;tls=stls,wananchi.crt,wananchikey\
> > > 184.108.40.206:995;tls=stls,wananchi.crt,wananchi.key\
> > > 192.168.50.3:995;tls=stls,wananchicrt,wananchi.key
> > No, should be tls=immediate to negotiate encryption
> > immediately on connection. You could add tls=stls and the
> > certificate names to the normal listen-address
> > specifications too, so that clients can negotiate
> > encryption if they want it.
> Okay, I am a bit lost, since brackets and even dots have special meanings in regexes.
> I am not a programmer though, so bear with me.
> I have tried
> listen-address: 220.127.116.11:110/^([a-zA-Z]+\.wananchi\.com)/ \
> 18.104.22.168:110/^([a-zA-Z]+\.wananchi\.com)/ \
> 192.168.50.3:110/^([a-zA-Z]+\.wananchi\.com)/ \
Um. I'm not sure what you're trying to achieve here.
The idea of `mass virtual hosting' and the regexp is that
on a machine which has lots of interfaces all with IP
addresses mapping to pop3.example.com, pop3.example.org,
.... So when a user connects (say to pop3.example.com)
tpop3d looks up the address to which they've connected,
and applies the regex to it, in the above example getting
`example.com', which it then uses as the address.
In your case, since you're listening on several addresses
with one domain, you don't need to use a regex at all.
> Obviously this is wrong somewhere because I get an error. When I test:
> ./tpop3d -f ./tpop3d.conf -d -v
> I get:
> TCP Wrappers support enabled, using daemon name `tpop3d'
> listener_new: bind(22.214.171.124:110): Can't assign requested address
> listener_new: bind(126.96.36.199:110): Can't assign requested address
> listener_new: bind(192.168.50.3:110): Can't assign requested address
> tpop3d.conf: no listen addresses obtained; exiting
> That complicates it if I were to add tls=stls also.
That error -- EADDRNOTAVAIL -- typically occurs when
you've tried to listen on an address not available on the
local machine. Check the interfaces with ifconfig.
> Any help with a complete syntax for listen-address: that also has tls
The above should work, modulo the error.
> > > Secondly, I would like to try the bulletin thingie, and so I have added:
> > >
> > > onlogin-child-wait: true
> > > auth-perl-enable: true
> > > auth-perl-start: do '/usr/local/etc/tpop3d/bulletins.pl';
> > >
> > > Would this suffice to achieve the desired result (config-wise)??
> > Almost. You need to add an
> > auth-perl-onlogin: name_of_function
> > statement so that tpop3d actually runs the bulletins
> > function at login time.
> Hang on.. since I do not use auth-perl to authenticate users, does it
> mean that I require only three directives to run the bulletins, viz:
> onlogin-child-wait: true
> auth-perl-enable: true
> auth-perl-onlogin: do '/usr/local/etc/tpop3d/bulletins.pl';
auth-perl-enable: true # but no apop or pass handler
auth-perl-start: do '/usr/local/etc/tpop3d/bulletins.pl';
auth-perl-onlogin: deliver_bulletins # or whatever the subroutine is called
> We use auth-pam and auth-mysql for users. I only want to run the bulletins
> stuff and that is what auth-perl is coming into the mix.
auth-perl is only needed so that you get the perl
interpreter. When I implemented onlogin support, this
seemed the neatest way to do it. See
README.POP-before-SMTP for more information.
``I shouldn't say `I don't think so,' although that's what I think.''
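
A pre-flight check for the two problems raised in this message (bind failing with EADDRNOTAVAIL, and tls=stls on port 995), as an added example that is not part of the original post or of tpop3d. The listen-address grammar is inferred from the forms quoted in this thread, the function names are hypothetical, and the sample addresses and file names are constructed.

```python
import errno
import re
import socket

# Grammar inferred from this thread (assumption): addr[:port][(domain)|/regex/][;tls=mode,cert[,key]]
SPEC = re.compile(
    r"^(?P<addr>[^:;(/\s]+)(?::(?P<port>\d+))?"
    r"(?:\((?P<domain>[^)]*)\)|/(?P<regex>.*)/)?"
    r"(?:;tls=(?P<mode>[a-z]+),(?P<cert>[^,\s]+)(?:,(?P<key>\S+))?)?$"
)

def parse_listen_address(value):
    """Split a listen-address value (backslash continuations allowed) into specs."""
    specs = []
    for token in value.replace("\\\n", " ").split():
        m = SPEC.match(token)
        if not m:
            raise ValueError("unparsed listen-address item: %r" % token)
        spec = m.groupdict()
        spec["port"] = int(spec["port"] or 110)  # 110 is the standard POP3 port
        specs.append(spec)
    return specs

def bind_error(addr):
    """Return None if addr can be bound on this host, else the errno name."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.bind((addr, 0))  # port 0: tests the address only, no port clash
        return None
    except OSError as e:
        return errno.errorcode.get(e.errno, str(e.errno))
    finally:
        sock.close()

def check(value):
    """Return (address, port, problem) tuples for a listen-address value."""
    problems = []
    for spec in parse_listen_address(value):
        err = bind_error(spec["addr"])
        if err:  # EADDRNOTAVAIL means the address is not on a local interface
            problems.append((spec["addr"], spec["port"], "bind: " + err))
        if spec["port"] == 995 and spec["mode"] != "immediate":
            problems.append((spec["addr"], spec["port"], "port 995 wants tls=immediate"))
    return problems

# Constructed sample: 192.0.2.10 is a documentation address, not one from the thread.
SAMPLE = "0.0.0.0:110;tls=stls,example.crt,example.key \\\n192.0.2.10:995;tls=stls,example.crt"

if __name__ == "__main__":
    print(check(SAMPLE))
```

Run it on the host that will run tpop3d, since the bind test only reflects the interfaces of the machine it executes on.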