Can I use POPFile if I want to use SSL connections to my server?

The good news is: Yes, you can use POPFile over SSL connections!

POPFile 0.22.0 (or later) can make SSL connections to mail servers if some optional Perl and OpenSSL components are installed.

For Windows systems all of these optional SSL files will either be installed automatically (from POPFile 1.1.2 onward) or, in the case of POPFile 1.1.1 (or earlier releases) optionally downloaded by the installer when POPFile is installed or updated.

Windows version of POPFile

POPFile 1.1.2 (or later)

The Windows installer for POPFile 1.1.2 (or later) automatically installs the necessary SSL Support files so all that needs to be done to use SSL with POP3 accounts is to change the username in your email client to host:username:ssl (i.e. just add ':ssl' to the normal value for POPFile-enabled accounts).

By default SSL connections to POP3 servers use port 995. If you need to specify a non-standard port for a particular account change the username in your email client to the host:995:username:ssl but change the '995' to the required port number.

Please note that the SSL connection is between POPFile and the mail server, so do not configure the email client to use SSL for this account (POPFile will not accept an SSL connection from your email client). If you previously had your email client set to make an SSL connection to the server you must turn that off when you change the account to work with POPFile.

Note: Windows users should disable forking (this is the default setting) when using SSL connections. If you have enabled forking you can disable it by one of the following:

  • changing the “Allow concurrent POP3 connections” setting from “Yes” to “No” on the Configuration page
  • changing the “pop3_force_fork” parameter on the Advanced page in the UI from “1” to “0”
  • shutting down POPFile and editing the “pop3_force_fork” setting in the popfile.cfg file (0 = disabled)

POPFile 1.0.0 to 1.1.1

The Windows installers for POPFile 1.0.0 to 1.1.1 can download the necessary SSL Support files if the “SSL Support” option is selected when installing or upgrading POPFile.

SSL support can be also be added or updated after installation by using the “Change” option in the “Add/Remove Programs” entry for POPFile 1.0.0 or later.

The installer also has a special mode which can be used to add the SSL files to an existing installation:

setup.exe /SSL

The “Change” option in the “Add/Remove Programs” entry for POPFile or the installer's special mode can also be used if the installer was unable to download all of the necessary SSL files at install time.

POPFile 0.22.5

The Windows installer for 0.22.5 can download the necessary SSL Support files if the “SSL Support” option is selected when installing or upgrading POPFile. The installer also has a special mode which can be used to add the SSL files to an existing 0.22.5 installation:

setup.exe /SSL

This special mode can also be used if the installer was unable to download all of the necessary SSL files at install time.

POPFile 0.22.3 and 0.22.4

Although the 0.22.3 and 0.22.4 installers offer the option to download and install the SSL Support files the files they download are no longer compatible with POPFile. If you use this installer option POPFile's SSL mode will not work properly.

If you want to use SSL with POPFile 0.22.3 or 0.22.4 then you should use version 0.2.1 (or later) of the POPFile SSL Setup wizard (694 KB zip file) to add these files to POPFile. This wizard will patch the downloaded files to make them compatible with POPFile.

  • Note: The SSL Support files which are downloaded from the University of Winnipeg have been updated several times since POPFile 0.22.3 and 0.22.4 were released so it is important that an up-to-date version of the POPFile SSL Setup wizard is used to patch the SSL files.

POPFile 0.22.0, 0.22.1 and 0.22.2

The Windows installers for 0.22.0, 0.22.1 and 0.22.2 cannot download the necessary SSL Support components so a separate POPFile SSL Setup wizard (694 KB zip file) has been provided to add these extra components.

POPFile 0.22.0, 0.22.1 and 0.22.2 require old versions of the SSL Support files which are compatible with the minimal Perl used by POPFile so the SSL Setup wizard installs old SSL files instead of downloading and patching the current SSL files.

POPFile SSL Setup wizard's "/BUILTIN" mode

Since there will always be a delay between incompatible SSL files appearing on the University of Winnipeg repository and the SSL Setup wizard being updated to cope with these new files, version 0.1.7 (or later) of the wizard can install some old SSL files instead of downloading the latest versions.

These old SSL support files are compatible with POPFile 0.22.0, 0.22.1, 0.22.2, 0.22.3 and 0.22.4. To force the wizard to install these old files instead of downloading the latest files from the University of Winnipeg repository use the command

addssl.exe /BUILTIN

Mac OS X Version of POPFile

If you need the SSL support, you can use 'POPFile-addssl-x.x.x.pkg' package to install the necessary modules. Simply double-click the install package and follow the instructions.

Cross-Platform Version of POPFile

If you need SSL support and have a full Perl installation, you need to install the following additional Perl modules:

  1. IO::Socket::SSL (IO-Socket-SSL.ppd)
  2. Net::SSLeay (ppm install http://theoryx5.uwinnipeg.ca/ppmpackages/Net_SSLeay.pm.ppd) FIXME Should use Net-SSLeay package now (Windows installer for POPFile 1.1.2 uses Net_SSLeay v1.36 from 'bribes' repository)
  3. OpenSSL (should install automatically with above packages)
  • Note for non-Windows users (e.g. Mac OS X v10.4.2, SuSE 9.0): if your system has IO::Socket::SSL v0.97 or v0.99 you may need to update to IO::Socket::SSL v0.991 or later, or revert to IO::Socket::SSL v0.96 to get POPFile's SSL support to work properly. The current version (v1.18) of IO::Socket::SSL is compatible with POPFile.

Email Client configuration

After adding the necessary SSL files to the POPFile installation the email client can be configured to make POPFile use SSL. In your email client change the username to host:username:ssl (i.e. just add ':ssl' to the normal value for POPFile-enabled accounts).

If you are using POPFile 0.22.2 or earlier then you need to change the username to host:995:username:ssl to make sure POPFile connects to the appropriate port on the mail server.

If the mail server uses a non-standard port for SSL connections replace '995' with the required port number (this applies to all versions of POPFile which support SSL connections).

Please note that the SSL connection is between POPFile and the mail server, so do not configure the email client to use SSL for this account (POPFile will not accept an SSL connection from your email client). If you previously had your email client set to make an SSL connection to the server you must turn that off.

Thus, the network connections between your mail client and mail server via POPFile will be as follows:

Your mail client POPFile Your mail server
Port to be used 110 or specified port 995
SSL connections disabled enabled

Note: Windows users should disable forking (this is the default setting) when using SSL connections. If you have enabled forking you can disable it by one of the following:

  • changing the “Allow concurrent POP3 connections” setting from “Yes” to “No” on the Configuration page
  • changing the “pop3_force_fork” parameter on the Advanced page in the UI from “1” to “0”
  • shutting down POPFile and editing the “pop3_force_fork” setting in the popfile.cfg file (0 = disabled)

See also:

 
faq/ssl.txt · Last modified: 2014/02/28 17:27 by amatubu

Should you find anything in the documentation that is incomplete, unclear, outdated or just plain wrong, please let us know and leave a note in the Documentation Forum.

Recent changes RSS feed Donate Driven by DokuWiki
The content of this wiki is protected by the GNU Fee Documentation License