[tpop3d-discuss] tpop3d-1.5.1 and SSL configuration

Chris Lightfoot chris at ex-parrot.com
Thu, 21 Aug 2003 11:16:47 +0100


On Thu, Aug 21, 2003 at 11:13:09AM +0300, ODHIAMBO Washington wrote:
> * Chris Lightfoot <chris@ex-parrot.com> [20030820 18:07]: wrote:
> > On Wed, Aug 20, 2003 at 05:59:44PM +0300, ODHIAMBO Washington wrote:

> > > listen-address: 62.8.64.4(pop.wananchi.com) 212.49.74.4(smtp.wananchi.com) 192.168.50.3(mail.wananchi.com)
> > > 
> > > I would like to add the same names, but now on SSL port, like
> > > 
> > > 62.8.64.4:995;tls=stls,wananchi.crt,wananchi.key\
> > > 212.49.74.4:995;tls=stls,wananchi.crt,wananchi.key\
> > > 192.168.50.3:995;tls=stls,wananchi.crt,wananchi.key
> > 
> > No, should be tls=immediate to negotiate encryption
> > immediately on connection. You could add tls=stls and the
> > certificate names to the normal listen-address
> > specifications too, so that clients can negotiate
> > encryption if they want it.
> 
> 
> Okay, I am a bit lost, since brackets and even dots have special meanings in regexes.
> I am not a programmer though, so bear with me.
> I have tried
> 
> listen-address: 62.8.64.4:110/^([a-zA-Z]+\.wananchi\.com)/ \
>                 212.49.74.4:110/^([a-zA-Z]+\.wananchi\.com)/ \
>                 192.168.50.3:110/^([a-zA-Z]+\.wananchi\.com)/ \

Um. I'm not sure what you're trying to achieve here.

The idea of `mass virtual hosting' and the regexp is that
you say,

    listen-address: 0.0.0.0:100/^pop3\.(.+)$/

on a machine which has lots of interfaces all with IP
addresses mapping to pop3.example.com, pop3.example.org,
.... So when a user connects (say to pop3.example.com)
tpop3d looks up the address to which they've connected,
and applies the regex to it, in the above example getting
`example.com', which it then uses as the address.

In your case, since you're listening on several addresses
with one domain, you don't need to use a regex at all.

> 
> Obviously this is wrong somewhere because I get an error. When I test:
> 
> ./tpop3d -f ./tpop3d.conf -d -v
> 
> I get:
> 
> TCP Wrappers support enabled, using daemon name `tpop3d'
> listener_new: bind(62.8.64.4:110): Can't assign requested address
> listener_new: bind(212.49.74.4:110): Can't assign requested address
> listener_new: bind(192.168.50.3:110): Can't assign requested address
> tpop3d.conf: no listen addresses obtained; exiting
> 
> That complicates it if I were to add tls=stls also.

That error -- EADDRNOTAVAIL -- typically occurs when
you've tried to listen on an address not available on the
local machine. Check the interfaces with ifconfig.

> Any help with a complete syntax for listen-address: that also has tls
> support???

The above should work, modulo the error.

> > > Secondly, I would like to try the bulletin thingie, and so I have added:
> > > 
> > > onlogin-child-wait: true
> > > auth-perl-enable: true
> > > auth-perl-start: do '/usr/local/etc/tpop3d/bulletins.pl';
> > > 
> > > Would this suffice to achieve the desired result (config-wise)??
> > 
> > Almost. You need to add an
> >   auth-perl-onlogin: name_of_function
> > statement so that tpop3d actually runs the bulletins
> > function at login time.
> 
> 
> Hang on.. since I do not use auth-perl to authenticate users, does it
> mean that I require only three directives to run the bulletins, viz:
> 
> onlogin-child-wait: true
> auth-perl-enable: true
> auth-perl-onlogin: do '/usr/local/etc/tpop3d/bulletins.pl';

No.

onlogin-child-wait: true
auth-perl-enable: true          # but no apop or pass handler
auth-perl-start: do '/usr/local/etc/tpop3d/bulletins.pl';
auth-perl-onlogin: deliver_bulletins    # or whatever the subroutine is called

> 
> We use auth-pam and auth-mysql for users. I only want to run the bulletins
> stuff and that is what auth-perl is coming into the mix.

auth-perl is only needed so that you get the perl
interpreter. When I implemented onlogin support, this
seemed the neatest way to do it. See
README.POP-before-SMTP for more information.


-- 
``I shouldn't say `I don't think so,' although that's what I think.''
  (Donald Rumsfeld)
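A pre-flight check for the listen-address forms discussed in this thread, as an added example that is not tpop3d's own code: it parses each entry, flags an address that is not local (the EADDRNOTAVAIL case), tls=stls on port 995 where tls=immediate is meant, a missing certificate or key file, and a regex that does not compile or captures nothing, and shows how the mass-virtual-hosting regex yields the domain. The entry grammar and the default port of 110 are assumptions inferred from the forms quoted above.

```python
import os
import re
from typing import Callable, List, Optional
# Entry grammar inferred from the forms quoted in the thread (assumption):
#   addr[:port][(domain)][/regex/][;tls=mode,certfile,keyfile]
ENTRY_RE = re.compile(
    r"^(?P<addr>\d+\.\d+\.\d+\.\d+)(?::(?P<port>\d+))?"
    r"(?:\((?P<domain>[^)]+)\))?(?:/(?P<regex>.*?)/)?"
    r"(?:;tls=(?P<mode>[a-z]+),(?P<cert>[^,]+),(?P<key>[^,]+))?$"
)

def parse_entries(value: str) -> List[dict]:
    """Split a listen-address value into entries; a trailing '\\' continues the line."""
    entries = []
    for tok in re.sub(r"\\\s*\n", " ", value).split():
        m = ENTRY_RE.match(tok)
        if not m:
            raise ValueError(f"unparseable listen-address entry: {tok}")
        e = m.groupdict()
        e["port"] = int(e["port"] or 110)  # assumed default: the plain POP3 port
        entries.append(e)
    return entries

def check_entries(entries: List[dict], local_addrs: set,
                  file_exists: Callable[[str], bool] = os.path.exists) -> List[str]:
    """Report the misconfigurations discussed in the thread, one string each."""
    problems = []
    for e in entries:
        tag = f"{e['addr']}:{e['port']}"
        if e["addr"] != "0.0.0.0" and e["addr"] not in local_addrs:
            problems.append(f"{tag}: not a local address; bind() fails with EADDRNOTAVAIL")
        if e["port"] == 995 and e["mode"] == "stls":
            problems.append(f"{tag}: port 995 is SSL-on-connect; use tls=immediate, not tls=stls")
        for what in ("cert", "key"):
            if e[what] and not file_exists(e[what]):
                problems.append(f"{tag}: {what} file {e[what]} not found")
        if e["regex"] is not None:
            try:
                if re.compile(e["regex"]).groups < 1:
                    problems.append(f"{tag}: regex {e['regex']!r} has no capture group for the domain")
            except re.error as err:
                problems.append(f"{tag}: regex {e['regex']!r} does not compile: {err}")
    return problems

def domain_for(entry: dict, connected_host: str) -> Optional[str]:
    """Mass virtual hosting as described above: regex capture group 1 is the domain."""
    if entry["regex"] is None:
        return entry["domain"]
    m = re.match(entry["regex"], connected_host)
    return m.group(1) if m else None
```

Pass the set of addresses reported by ifconfig as `local_addrs`; the constructed test input below mixes the quoted entries with the broken example regex so every check fires.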