STARTTLS

Okay, I have been away from configuring POPFile for quite some time now. Is POPFile STARTTLS capable and, if so, how do I configure for pop3?

  • Message #1643

    POPFile can use SSL to connect to a POP3 server but it will not accept SSL connections from a mail client.

    For example:

    (a) Using SSL without POPFile

    Thunderbird -- SSL -- (internet) -- SSL -- POP3 mail server

    (b) Using SSL with POPFile running on same computer as the mail client

    Thunderbird -- POPFile -- SSL -- (internet) -- SSL -- POP3 mail server

    Note that in this case Thunderbird must not use SSL to communicate with POPFile; the SSL connection is between POPFile and the mail server.

    More information can be found in the wiki: Can I use POPFile if I want to use SSL connections to my server?

    • Message #1644

      Okay. My understanding is that SSL and STARTTLS are 2 completely different animals ... so I should perhaps reconfigure my question:

      If POPFile is connecting to a pop3 mail server that supports starttls does it automatically attempt to establish the starttls connection? If that's the case, how do I verify it's actually happening? If it's not the case, how do I get POPFile to establish starttls with the server that supports it?

      • Message #1645

        My understanding is that SSL and STARTTLS are 2 completely different animals

        In simple terms STARTTLS is the command that is sent to the server to tell it that you wish to use SSL for the mail transaction so I don't agree they are "completely different animals".

        By default POPFile acts as a POP3 proxy so it simply passes on POP3 commands received from the email client to the mail server, it does not make POP3 connections of its own accord. Similarly it passes responses received from the POP3 mail server back to the mail client.

        When the mail client checks for new email it sends a login command to POPFile, POPFile extracts the mail server address and username from this login command, tries to login to the specified mail server and passes the mail server response back to the mail client.

        If SSL is required for this connection then the mail client needs to tell POPFile to use SSL, as described in the wiki page I referenced in my previous reply. In other words, POPFile will only try to use SSL if the command received from the mail client tells it to use SSL.

        (I'm assuming the general case where POPFile is being used to handle accounts on more than one POP3 server)

        • Message #1646

          Okay. Now I see why I have been having such difficulty here. I have Gmail accounts that I run through POPFile okay using the :ssl at the end of the username. However, this account I am trying to connect to using starttls always fails when using :ssl. I just discovered why. When I set up this account using Thunderbird's "discovery" account creation tool, Thunderbird determined the mailserver had pop3 starttls support. It even downloaded the certificate for me. Well, I telnetted the mail server and discovered that it does not offer starttls support and I eventually determined the certificate Thunderbird downloaded was for IMAP.

          Soooooooooooooo ... this thread is solved. Thanks for your input and enlightenment.
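
The check Message #1646 did by hand with telnet, as an added example that is not part of the original thread: in POP3 the STARTTLS command is named STLS (RFC 2595), and a server that supports it lists STLS in its CAPA response. The function names and the sample transcripts are constructed for illustration.

```python
import io, socket, ssl, sys

def read_response(f, multiline=False):
    """Read one POP3 response; a multi-line response ends with a lone '.' line."""
    lines = [f.readline().decode("ascii", "replace").rstrip("\r\n")]
    while multiline and lines[0].startswith("+OK"):
        raw = f.readline()
        if not raw or raw.rstrip(b"\r\n") == b".":  # EOF or terminator
            break
        lines.append(raw.decode("ascii", "replace").rstrip("\r\n"))
    return lines

def starttls_status(capa_lines):
    """Classify a CAPA response: 'offered', 'not offered', or 'unknown'."""
    if not capa_lines or not capa_lines[0].startswith("+OK"):
        return "unknown"  # server rejected CAPA (-ERR), so nothing is advertised
    tags = {line.split()[0].upper() for line in capa_lines[1:] if line.strip()}
    return "offered" if "STLS" in tags else "not offered"

def probe(host, port=110, timeout=10):
    """Ask a live server for CAPA on the plain port; upgrade with STLS if offered."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        f = sock.makefile("rb")
        read_response(f)  # server greeting
        sock.sendall(b"CAPA\r\n")
        status = starttls_status(read_response(f, multiline=True))
        if status != "offered":
            # Seen over plaintext: an on-path device can strip STLS from this list.
            return status
        sock.sendall(b"STLS\r\n")
        if not read_response(f)[0].startswith("+OK"):
            return "offered but STLS refused"
        # The default context verifies the certificate chain and the host name.
        ctx = ssl.create_default_context()
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return "offered, upgraded to " + tls.version()

# Constructed sample transcripts (not captured from any real server).
WITH_STLS = b"+OK Capability list follows\r\nTOP\r\nUSER\r\nSTLS\r\nUIDL\r\n.\r\n"
WITHOUT_STLS = b"+OK Capability list follows\r\nTOP\r\nUSER\r\nUIDL\r\n.\r\n"

if __name__ == "__main__":
    if len(sys.argv) > 1:  # optional: host name of a live POP3 server
        print(sys.argv[1], "->", probe(sys.argv[1]))
    for name, raw in (("with STLS", WITH_STLS), ("without STLS", WITHOUT_STLS)):
        lines = read_response(io.BytesIO(raw), multiline=True)
        print(name, "->", starttls_status(lines))
```

Run without arguments it only classifies the two sample transcripts; given a host name it probes that server on port 110.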

          • Message #1647

            the certificate thunderbird downloaded was for IMAP

            I think Thunderbird's account creation wizard defaults to IMAP mode but does not make that very clear in the dialog box.

            this thread is solved

            Glad to hear that you are now able to use POPFile with that account.

            • Message #1648

              Yeah, I had to click the manual setup selection box after the creation tool started. You are right about defaulting to IMAP. In previous versions it didn't even honor the manual setup selection button. At least it will revert to pop3 now, once you do. For the life of me I cannot understand why they don't give the manual option "prior" to actually starting the discovery tool. It doesn't take a lot of brains to figure out that's how to logically do it.

              No problem using the account through POPFile with standard settings. I have twenty-some accounts to various mail servers and POPFile always works a charm. My current database dates back to June, 2006 and is giving me 99.38% overall accuracy. With the myriad of varied mail scenarios it scans, I am very happy with that. I've never had a real problem with POPFile on Nix. Even used to have POPFile working inside of a postfix mail server, after mail was received but before mailbox delivery. It really worked a charm there too. Much, much better than as an outside proxy.

              Thanks again for your help.