[tpop3d-discuss] tpop3d-1.5.1 and SSL configuration

Chris Lightfoot chris at ex-parrot.com
Thu, 21 Aug 2003 11:16:47 +0100

On Thu, Aug 21, 2003 at 11:13:09AM +0300, ODHIAMBO Washington wrote:
> * Chris Lightfoot <chris@ex-parrot.com> [20030820 18:07]: wrote:
> > On Wed, Aug 20, 2003 at 05:59:44PM +0300, ODHIAMBO Washington wrote:

> > > listen-address:
> > > 
> > > I would like to add the same names, but now on SSL port, like
> > > 
> > >;tls=stls,wananchi.crt,wananchi.key\
> > >;tls=stls,wananchi.crt,wananchi.key\
> > >;tls=stls,wananchi.crt,wananchi.key
> > 
> > No, should be tls=immediate to negotiate encryption
> > immediately on connection. You could add tls=stls and the
> > certificate names to the normal listen-address
> > specifications too, so that clients can negotiate
> > encryption if they want it.
> Okay, I am a bit lost, since brackets and even dots have special meanings in regexes.
> I am not a programmer though, so bear with me.
> I have tried
> listen-address:^([a-zA-Z]+\.wananchi\.com)/ \
>       ^([a-zA-Z]+\.wananchi\.com)/ \
>       ^([a-zA-Z]+\.wananchi\.com)/ \

Um. I'm not sure what you're trying to achieve here.

The idea of `mass virtual hosting' and the regexp is that
you say,


on a machine which has lots of interfaces all with IP
addresses mapping to pop3.example.com, pop3.example.org,
.... So when a user connects (say to pop3.example.com)
tpop3d looks up the address to which they've connected,
and applies the regex to it, in the above example getting
`example.com', which it then uses as the address.

In your case, since you're listening on several addresses
with one domain, you don't need to use a regex at all.

> Obviously this is wrong somewhere because I get an error. When I test:
> ./tpop3d -f ./tpop3d.conf -d -v
> I get:
> TCP Wrappers support enabled, using daemon name `tpop3d'
> listener_new: bind( Can't assign requested address
> listener_new: bind( Can't assign requested address
> listener_new: bind( Can't assign requested address
> tpop3d.conf: no listen addresses obtained; exiting
> That complicates it if I were to add tls=stls also.

That error -- EADDRNOTAVAIL -- typically occurs when
you've tried to listen on an address not available on the
local machine. Check the interfaces with ifconfig.

> Any help with a complete syntax for listen-address: that also has tls
> support???

The above should work, modulo the error.

> > > Secondly, I would like to try the bulletin thingie, and so I have added:
> > > 
> > > onlogin-child-wait: true
> > > auth-perl-enable: true
> > > auth-perl-start: do '/usr/local/etc/tpop3d/bulletins.pl';
> > > 
> > > Would this suffice to achieve the desired result (config-wise)??
> > 
> > Almost. You need to add an
> >   auth-perl-onlogin: name_of_function
> > statement so that tpop3d actually runs the bulletins
> > function at login time.
> Hang on.. since I do not use auth-perl to authenticate users, does it
> mean that I require only three directives to run the bulletins, viz:
> onlogin-child-wait: true
> auth-perl-enable: true
> auth-perl-onlogin: do '/usr/local/etc/tpop3d/bulletins.pl';


onlogin-child-wait: true
auth-perl-enable: true          # but no apop or pass handler
auth-perl-start: do '/usr/local/etc/tpop3d/bulletins.pl';
auth-perl-onlogin: deliver_bulletins    # or whatever the subroutine is called

> We use auth-pam and auth-mysql for users. I only want to run the bulletins
> stuff and that is why auth-perl is coming into the mix.

auth-perl is only needed so that you get the perl
interpreter. When I implemented onlogin support, this
seemed the neatest way to do it. See
README.POP-before-SMTP for more information.

``I shouldn't say `I don't think so,' although that's what I think.''
  (Donald Rumsfeld)
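A complete tpop3d.conf fragment putting the two halves of the reply together: STLS offered on the plaintext port, immediate TLS on the pop3s port, and auth-perl enabled only to run the bulletins hook. This is an added illustration, not the poster's configuration or anything shipped with tpop3d. The addresses 192.0.2.10 and 192.0.2.11 are placeholders, the certificate and key paths under /usr/local/etc/tpop3d/ are assumed, and the entry layout address[:port][/domain][;option[,option...]] follows the form in tpop3d.conf(5) as understood here.

```conf
# tpop3d.conf fragment (added example, not the poster's real config).
#
# 192.0.2.10 / 192.0.2.11 are placeholders: substitute addresses that
# ifconfig actually shows on this host, otherwise bind() fails with
# EADDRNOTAVAIL ("Can't assign requested address"), as in the thread.
# Certificate and key paths under /usr/local/etc/tpop3d/ are assumed;
# keep the key readable only by the user tpop3d runs as (mode 0600).
#
# One domain for every address, so no regex is needed: /wananchi.com
# names the domain directly. Port 110 offers STLS to clients that ask
# for it; port 995 (pop3s) negotiates TLS immediately on connection.
listen-address: 192.0.2.10:110/wananchi.com;tls=stls,/usr/local/etc/tpop3d/wananchi.crt,/usr/local/etc/tpop3d/wananchi.key \
                192.0.2.10:995/wananchi.com;tls=immediate,/usr/local/etc/tpop3d/wananchi.crt,/usr/local/etc/tpop3d/wananchi.key \
                192.0.2.11:110/wananchi.com;tls=stls,/usr/local/etc/tpop3d/wananchi.crt,/usr/local/etc/tpop3d/wananchi.key \
                192.0.2.11:995/wananchi.com;tls=immediate,/usr/local/etc/tpop3d/wananchi.crt,/usr/local/etc/tpop3d/wananchi.key

# Real authentication stays with PAM and MySQL, as the poster describes.
auth-pam-enable: true
auth-mysql-enable: true

# auth-perl is enabled only so that a perl interpreter is available for
# the onlogin hook; no auth-perl-apop or auth-perl-pass handler is set,
# so auth-perl never authenticates anybody.
onlogin-child-wait: true
auth-perl-enable: true
auth-perl-start: do '/usr/local/etc/tpop3d/bulletins.pl';
# Must match the name of the subroutine defined in bulletins.pl.
auth-perl-onlogin: deliver_bulletins
```

Check the result the same way the poster did (`tpop3d -f ./tpop3d.conf -d -v`): with addresses that exist locally, the three `listener_new: bind(` errors disappear. Then confirm each mode from another host with `openssl s_client -connect 192.0.2.10:995` for the immediate-TLS listener and `openssl s_client -starttls pop3 -connect 192.0.2.10:110` for the STLS one; both should show the certificate and a +OK greeting before any credentials are sent.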