Securing your qmail-popup server (port 995)


#1

qmail-popup provides text-based access to your mailboxes. You can secure this connection by applying ssl based configuration in your system.

Below is an example on GNU Debian/Linux where qmail is a mail transfer agent.

Install openssl and stunnel:

apt-get install openssl
apt-get install stunnel4

Create ssl certificate:

openssl req -new -x509 -nodes -out servercert.pem -days 3650 -keyout servercert.pem
cp servercert.pem /var/qmail/control

Edit /var/qmail/control/pop3s.conf file:

debug = 1
output = /var/log/qmail/stunnel.log
cert = /var/qmail/control/servercert.pem
exec = /var/qmail/bin/qmail-popup
execargs = /var/qmail/bin/qmail-popup mail.yourserver.com \
           /home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir

Edit /etc/init.d/qmail start-stop script and add the lines below in start section:

sh -c "start-stop-daemon --start --quiet --user root \
--pidfile /var/run/tcpserver_pop3-ssl.pid --make-pidfile \
--exec /usr/bin/tcpserver -- -R -H -v -l mail.yourserver.com -c100 0 995 \
/usr/bin/stunnel4 /var/qmail/control/pop3s.conf 2>&1 &"