Get Qpopper
put it in /usr/src
Untar
tar xvfz qpopper4.0.5.tar.gz cd qpopper4.0.5 ./configure --enable-log-login -enable-standalone --with-openssl=/usr/include/openssl --enable-specialauth make make install
popper 995 -s -f /etc/mail/pop/qpopper.config nowait
Contents of /etc/mail/pop/qpopper.config
set tls-server-cert-file = /etc/mail/certs/cert.pem set tls-support = alternate-port set tls-version = default
Create certificate:
Marik please review and adjust!!!!!
First create a place to store your openssl keys safely
mkdir -p -m665 /etc/mail/certs
chown root:mail /etc/mail/certs
chmod 660 /etc/mail/certs
Use openssl to create a public-private key pair and a certificate
signing request (csa).
openssl req -new -nodes -out req.pem -keyout /etc/mail/certs/cert.pem
(follow questions it asks after this command is used and fill the
options in completely)
next,
chmod 600 /etc/mail/certs/cert.pem
chown root:0 /etc/mail/certs/cert.pem
if you dont want to send your cert in, to pay for a real CA to sign it
do NOT do this step right now follow 1b. below this 1a.
1a.
send the certificate signing request (file req.pem) to your
Certificate Authority for signing. You will receive back a
signed request. Assuming this signed request is in a file called
signed_req.pem, concatenate it to the private key generated earlier:
cat signed-req.pem >> /etc/mail/certs/cert.pem
1b.
if you want to sign your own and be your own CA from above to
avoid sending it to a Certificate Authority do the following. AFTER
you have done the above up to the cat signed-req, which will be done
the following 3.
openssl genrsa -des3 -out ca.key 1024
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
openssl x509 -req -CA ca.crt -CAkey ca.key -days 365 -in req.pem -out
signed-req.pem -CAcreateserial
now you can cat signed-req.pem >> /etc/mail/certs/cert.pem