# courier-pop3d-ssl not working [SOLVED]

## BlinkEye

I'm running courier-imap-ssl, postfix, fetchmail, procmail. I've been trying for several hours to get courier-pop3d-ssl support. I'm able to get my mails without encryption via courier-pop3d. But as soon as I add

```
POP3_TLS_REQUIRED=1
```

to /etc/courier-imap/pop3d-ssl and use the ssl option for fetchmail, I get rejected.

```
confcat /etc/courier-imap/pop3d-ssl
SSLPORT=995
SSLADDRESS=0
SSLPIDFILE=/var/run/pop3d-ssl.pid
POP3DSSLSTART=YES
POP3_STARTTLS=YES
POP3_TLS_REQUIRED=1
COURIERTLS=/usr/sbin/couriertls
TLS_PROTOCOL=SSL3
TLS_STARTTLS_PROTOCOL=TLS1
TLS_CERTFILE=/etc/courier-imap/pop3d.pem
TLS_VERIFYPEER=NONE
TLS_CACHEFILE=/var/lib/courier-imap/couriersslcache
TLS_CACHESIZE=524288
SSLPORT=995
SSLADDRESS=0
SSLPIDFILE=/var/run/pop3d-ssl.pid
POP3DSSLSTART=YES
POP3_STARTTLS=YES
POP3_TLS_REQUIRED=1
COURIERTLS=/usr/sbin/couriertls
TLS_PROTOCOL=SSL3
TLS_STARTTLS_PROTOCOL=TLS1
TLS_CERTFILE=/etc/courier-imap/pop3d.pem
TLS_VERIFYPEER=NONE
TLS_CACHEFILE=/var/lib/courier-imap/couriersslcache
TLS_CACHESIZE=524288
```

```
confcat /etc/courier-imap/pop3d
SSLPORT=995
SSLADDRESS=0
SSLPIDFILE=/var/run/pop3d-ssl.pid
POP3DSSLSTART=YES
POP3_STARTTLS=YES
POP3_TLS_REQUIRED=1
COURIERTLS=/usr/sbin/couriertls
TLS_PROTOCOL=SSL3
TLS_STARTTLS_PROTOCOL=TLS1
TLS_CERTFILE=/etc/courier-imap/pop3d.pem
TLS_VERIFYPEER=NONE
TLS_CACHEFILE=/var/lib/courier-imap/couriersslcache
TLS_CACHESIZE=524288
PIDFILE=/var/run/pop3d.pid
MAXDAEMONS=40
MAXPERIP=4
AUTHMODULES="authdaemon"
AUTHMODULES_ORIG="authdaemon"
DEBUG_LOGIN=1
POP3AUTH="LOGIN"
POP3AUTH_ORIG="LOGIN CRAM-MD5 CRAM-SHA1"
POP3AUTH_TLS="LOGIN PLAIN"
POP3AUTH_TLS_ORIG="PLAIN LOGIN"
PORT=110
ADDRESS=0
TCPDOPTS="-nodnslookup -noidentlookup"
POP3DSTART=YES
MAILDIRPATH=Maildir
MAILDIR=.maildir
PRERUN=
```

```
1 confcat .fetchmailrc
set postmaster "cerberos"
set bouncemail
set no spambounce
poll mydomain with proto POP3 user "myusername" there with password "xxxx" is myusername here options ssl warnings 3600
```

logs:

```
Oct 28 20:28:41 mydomain pop3d-ssl: Connection, ip=[myip]
Oct 28 20:28:41 mydomain pop3d-ssl: LOGIN: DEBUG: ip=[myip], command=CAPA
Oct 28 20:28:41 mydomain pop3d-ssl: LOGIN: DEBUG: ip=[myip], command=USER
Oct 28 20:28:41 mydomain pop3d-ssl: LOGIN: DEBUG: ip=[myip], command=PASS
Oct 28 20:28:41 mydomain pop3d-ssl: LOGIN: DEBUG: ip=[myip], command=QUIT
Oct 28 20:28:41 mydomain pop3d-ssl: LOGOUT, ip=[myip]
```

```
fetchmail -Nvv
fetchmail: 6.2.5 querying mydomain  (protocol POP3) at Thu 28 Oct 2004 20:28:41 CEST: poll started
fetchmail: mydomain  key fingerprint: 4B:53:2B:83:60:AA:00:5D:7E:94:1C:EF:0B:E0:B2:9A
fetchmail: POP3< +OK Hello there.
fetchmail: POP3> CAPA
fetchmail: POP3< +OK Here's what I can do:
fetchmail: POP3< SASL LOGIN PLAIN
fetchmail: POP3< STLS
fetchmail: POP3< TOP
fetchmail: POP3< USER
fetchmail: POP3< LOGIN-DELAY 10
fetchmail: POP3< PIPELINING
fetchmail: POP3< UIDL
fetchmail: POP3< IMPLEMENTATION Courier Mail Server
fetchmail: POP3< .
fetchmail: POP3> USER myusername
fetchmail: POP3< -ERR TLS required to log in.
fetchmail: TLS required to log in.
fetchmail: POP3> PASS *
fetchmail: POP3< -ERR USER/PASS required.
fetchmail: USER/PASS required.
fetchmail: Authorization failure on myuser@mydomain
fetchmail: POP3> QUIT
fetchmail: POP3< +OK Better luck next time.
fetchmail: 6.2.5 querying  (protocol POP3) at Thu 28 Oct 2004 20:28:42 CEST: poll completed
fetchmail: Query status=3 (AUTHFAIL)
fetchmail: Deleting fetchids file.
fetchmail: normal termination, status 3
fetchmail: Deleting fetchids file.
```

```
telnet myip 110
Trying myip...
Connected to myip.
Escape character is '^]'.
+OK Hello there.
user myusername
-ERR TLS required to log in.
```

```
telnet  995
Trying myip...
Connected to myip .
Escape character is '^]'.
user myusername
Connection closed by foreign host.
```

```
openssl s_client -connect myip:995 -showcerts
CONNECTED(00000003)
/* blabla -- snip -- blabla */
---
Certificate chain
/* blabla -- snip -- blabla */
-----BEGIN CERTIFICATE-----
/* snip */
-----END CERTIFICATE-----
---
Server certificate
/* -- snip -- */
---
No client certificate CA names sent
---
SSL handshake has read 881 bytes and written 346 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Session-ID: EC4CAE1AD748D540AFE8BEF4B0C6995D5B6ABA431E8140DDADD3D02CED678461
    Session-ID-ctx:
    Master-Key: 6D1F235D847E4023434F235997EC34D283B269BCABF77CEC055AEB0C7658CB21E33DFFB285D569B0C04C3707F57D1092
    Key-Arg   : None
    Start Time: 1098988609
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
+OK Hello there.
```

```
# netstatc
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:imaps                 *:*                     LISTEN      5024/couriertcpd
tcp        0      0 *:pop3s                 *:*                     LISTEN      5136/couriertcpd
tcp        0      0 *:pop-3                 *:*                     LISTEN      5080/couriertcpd
tcp        0      0 *:imap2                 *:*                     LISTEN      4968/couriertcpd
tcp        0      0 *:ssmtp                 *:*                     LISTEN      14181/master
tcp        0      0 *:smtp                  *:*                     LISTEN      14181/master
```

It doesn't matter if I try to connect from localhost or a remote host.

ANY ideas? I'm really lost ...

----------
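Added example, not part of the original posts: a small Python parser for `fetchmail -vv` output that lists the capabilities the server advertised, the commands the client sent, and the first error, and flags a login attempted without `STLS` although the server offered it. The sample input is a constructed excerpt of the transcript quoted above; the function name `analyze` and the result keys are hypothetical.

```python
import re

# Constructed sample: an excerpt of the fetchmail -vv transcript quoted in the post.
SAMPLE = """\
fetchmail: POP3< +OK Hello there.
fetchmail: POP3> CAPA
fetchmail: POP3< +OK Here's what I can do:
fetchmail: POP3< SASL LOGIN PLAIN
fetchmail: POP3< STLS
fetchmail: POP3< USER
fetchmail: POP3< .
fetchmail: POP3> USER myusername
fetchmail: POP3< -ERR TLS required to log in.
fetchmail: POP3> PASS *
fetchmail: POP3< -ERR USER/PASS required.
"""

# "POP3>" marks a client command, "POP3<" a server reply.
LINE = re.compile(r"^fetchmail: POP3([<>]) (\S.*)$")

def analyze(transcript):
    """Hypothetical helper: summarize one POP3 dialogue from fetchmail -vv."""
    caps, sent, first_err, in_capa = [], [], None, False
    for raw in transcript.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines and fetchmail's own status messages
        direction, text = m.groups()
        if direction == ">":
            verb = text.split()[0].upper()
            sent.append(verb)
            in_capa = verb == "CAPA"
        elif text.startswith("-ERR"):
            in_capa = False
            first_err = first_err or text
        elif in_capa and text == ".":
            in_capa = False  # end of the multi-line CAPA listing
        elif in_capa and not text.startswith("+OK"):
            caps.append(text.split()[0].upper())
    return {
        "capabilities": caps,
        "commands_sent": sent,
        "first_error": first_err,
        # Server offered STLS, but the client went straight to USER.
        "login_without_stls": "STLS" in caps and "USER" in sent and "STLS" not in sent,
    }

if __name__ == "__main__":
    for key, value in analyze(SAMPLE).items():
        print(f"{key}: {value}")
```
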

## BlinkEye

Well, that's really funny, because today it works. I haven't touched a config file, didn't even log in to my server. Never mind this thread, occupied me long enough ... (it seems to be better to take a break sometimes and wait a bit than trying to figure out whole days and nights what might be wrong).

EDIT: Well, I rebooted my client this morning (laptop), which behaved strangely after 2 weeks suspending to RAM. Maybe it was the client and not the server?!

----------

