The good news is: Yes, you can use POPFile over SSL connections!

POPFile 0.22.0 (or later) can make SSL connections to mail servers if some optional Perl and OpenSSL components are installed. For Windows systems all of these optional SSL files can be downloaded from the University of Winnipeg repository when POPFile is installed.

The Windows installers for 0.22.0, 0.22.1 and 0.22.2 cannot download these additional components so a separate POPFile SSL Setup wizard (628 KB zip file) has been provided to add these extra components.

The POPFile SSL Setup wizard should also be used to add the optional SSL components to 0.22.3 and 0.22.4 installations even though the Windows installers for 0.22.3 and 0.22.4 offer to install “SSL Support” as an option.

There are several reasons why the 0.22.3 and 0.22.4 installers and version 0.1.8 (or earlier) of the SSL Setup wizard should no longer be used to download the optional SSL components:

• Since 18 July 2006 the SSL files which the 0.22.3 and 0.22.4 installers download are no longer compatible with POPFile (console messages reporting missing files will be output and POPFile will not process mail)

• Although versions 0.1.6 and 0.1.7 of the POPFile SSL Setup wizard can fix the problems caused by the 18 July 2006 changes, they cannot fix the changes introduced on 18 August 2006 (which cause similar problems).

• Version 0.1.8 of the POPFile SSL Setup wizard cannot fix the changes introduced on 13 September 2006 (which cause similar problems).

Versions 0.2.1 and 0.2.2 of the POPFile SSL Setup wizard (released 14 September 2006 and 19 November 2006) download the SSL files then apply a patch to downgrade the SSL.pm file (from IO::Socket::SSL v0.99, v0.999 or v1.01) to v0.97 to make it compatible with POPFile.

Since there will always be a delay between incompatible SSL files appearing on the University of Winnipeg repository and the SSL Setup wizard being updated to cope with these new files, version 0.1.7 (or later) of the wizard can install some old SSL files instead of downloading the latest versions.

These old SSL support files are compatible with POPFile 0.22.0, 0.22.1, 0.22.2, 0.22.3 and 0.22.4. To force the wizard to install these old files instead of downloading the latest files from the University of Winnipeg repository use the command

addssl.exe /BUILTIN

If you need SSL support and have a full Perl installation, you need to install the following additional Perl modules:

1. IO::Socket::SSL (IO-Socket-SSL.ppd)
2. Net::SSLeay (ppm install http://theoryx5.uwinnipeg.ca/ppmpackages/Net_SSLeay.pm.ppd)
3. OpenSSL (should install automatically with above packages)

• Note for non-Windows users (e.g. Mac OS X v10.4.2, SuSE 9.0): if your system has IO::Socket::SSL v0.97 you may need to revert to IO::Socket::SSL v0.96 to get POPFile's SSL support to work properly.

Then, in your email client, change the username to host:995:username:ssl. If you are using 0.22.3 or later you can change the username to host:username:ssl (i.e. just add ':ssl' to the normal value for POPFile-enabled accounts).

Please note that the SSL connection is between POPFile and the mail server, so do not configure the email client to use SSL for this account (POPFile will not accept an SSL connection from your email client). If you previously had your email client set to make an SSL connection to the server you must turn that off.

Note: Windows users should disable forking (this is the default setting) when using SSL connections. If you have enabled forking you can disable it by one of the following:

• changing the “Allow concurrent POP3 connections” setting from “Yes” to “No” on the Configuration page
• changing the “pop3_force_fork” parameter on the Advanced page in the UI from “1” to “0”
• shutting down POPFile and editing the “pop3_force_fork” setting in the popfile.cfg file (0 = disabled)

See also:

• Can I use APOP and SSL together?