# POP3/SSL

## nitro322

I'd like to run a pop3s server, which is simply pop3 through ssl.  I've installed uw-imap on my mail server since it includes both imap and pop3 servers.  'qpkg -l uw-imap' shows that it installed xinetd init scripts for imap, imaps, ipop2, and ipop3, and it also shows that it installed ssl certificates for both imapd and pop3d (/usr/ssl/certs/imapd.pem and /usr/ssl/certs/ipop3d.pem).

Now, my problem is that I cannot figure out any way to start ipop3d in ssl mode.  I can run imapd with ssl support by simply running /etc/xinetd.d/imaps, but there is not equivilant ipop3s, only ipop3.  Any suggestions on how to do this?  I've tried modifying /etc/xinetd.d/ipop3 to start in ssl mode, but haven't had any luck.  The only time I've set this up in the past was on a RedHat box, and I'm pretty sure it included an ipop3s script.  Am I missing something, or just overlooking it?  Anyone else have this working?  Thanks.

----------

## humpback

Firts emerge -p stunnel and installe it if you dont have it.

Then create a /etc/xinet.d/pop3s file with:

```
# description: The POP3S service allows remote users to access their mail

#              using an POP3 client with SSL support such as fetchmail.

service pop3s

{

      disable            = no

      socket_type        = stream

      wait               = no

      user               = root

      server             = /usr/sbin/stunnel

      server_args        = -p /usr/ssl/certs/mail.felisberto.net.pem -l /usr/sbin/ipop3d -- ipop3d

      log_on_success     += USERID

      log_on_failure     += USERID

}
```

Change the usr/ssl/certs/mail.felisberto.net.pem to your certificate...

restart xinetd and try it  :Smile:  pop3s works by default on port 995.

----------

## nitro322

I don't have an account to test it at this time, but so far it looks like it working great.  Thanks for the input.  I've never used stunnel before.  What exactly does that do?

----------

## humpback

From the man page  :Smile: 

 *Quote:*   

> 
> 
> The stunnel program is designed to work as SSL encryption wrapper
> 
>        between remote clients and local (inetd-startable) or remote servers.
> ...

 

----------

## nitro322

ahh, very nice.  Sorry, didn't think to look at the man page - I'm used to them more of a reference than an intro.  That program actually looks pretty darn cool, though.  I'm going have to play around with it some more.  Thanks again for the tip.

----------

