Search Engine: Elastic

Disabling TLS for POP3

Article ID: 114581, created on Aug 15, 2012, last review on May 10, 2014

  • Applies to:
  • H-Sphere 3.4
  • H-Sphere 3.5

Symptoms

You have mail server with SSL enabled, but don’t want to use TLS.

Resolution

  1. Log in to the target mail server and obtain root privileges;
  2. Change current directory to /etc/init.d (on Linux) or /usr/local/etc (on FreeBSD);
  3. Copy the file named “qmaild.tmpl” to “qmaild.tmpl.custom” (on Linux), “qmaild.sh.tmpl” to “qmaild.sh.tmpl.custom” (on FreeBSD) or use an existing file with “.custom” suffix, if any;
  4. Open a file created on step 4 with your favorite editor, and replace the following line:
  • On Linux:
/bin/sh -c "$TCPSERVER $TLS_SWITCH -H -R -c $TCP_SERVERS -u $USER_VPOPMAIL -g $GROUP_VCHKPW 0 pop3 qmail-popup $MAIL_SERVER vchkpw qmail-pop3d Maildir $SYSFACILITY &" >/dev/null 2>&1 && STARTED_SERVICES=" pop3" && \
with
/bin/sh -c "tcpserver -H -R -c $TCP_SERVERS -u $USER_VPOPMAIL -g $GROUP_VCHKPW 0 pop3 qmail-popup $MAIL_SERVER vchkpw qmail-pop3d Maildir $SYSFACILITY &" >/dev/null 2>&1 && STARTED_SERVICES=" pop3" && \
  • On FreeBSD:
sh -c "$TCPSERVER $TLS_SWITCH -H -R -c $TCP_SERVERS -u $USER_VPOPMAIL -g $GROUP_VCHKPW 0 pop3 qmail-popup $MAIL_SERVER vchkpw qmail-pop3d Maildir $SYSFACILITY &" >/dev/null 2>&1 && STARTED_SERVICES=" pop3" && \with
sh -c "tcpserver -H -R -c $TCP_SERVERS -u $USER_VPOPMAIL -g $GROUP_VCHKPW 0 pop3 qmail-popup $MAIL_SERVER vchkpw qmail-pop3d Maildir $SYSFACILITY &" >/dev/null 2>&1 && STARTED_SERVICES=" pop3" && \
  1. Replace the qmaild init script with the file modified in step 4 and set necessary permissions:
  • On Linux:
# cp qmaild.tmpl.custom qmaild
# chown root:root qmaild
# chmod 750 qmaild
  • On FreeBSD:
# cp qmaild.sh.tmpl.custom qmaild.sh
# chown root:wheel qmaild.sh
# chmod 750 qmaild.sh
  1. Restart qmail to apply changes:
  • On Linux:
# ./ qmaild restart
  • On FreeBSD:
# ./ qmaild.sh restart
  1. You can verify that STLS is not present anymore in the capability list (replace mail.example.com with your target mail server IP):

# telnet mail.example.com 110
Trying 172.16.0.10...
Connected to mail.example.com (172.16.0.10).
Escape character is '^]'.
+OK <20083.1344989468@mail.example.com>
CAPA
+OK capability list follows
USER
TOP
UIDL
.



f90e90e234d2835301363089f6b828e5 6311ae17c1ee52b36e68aaf4ad066387 f213b9fa8759d57bee5d547445806fe7 2e39a5e5b1423cc126cf735bac076008 f51a27b0a406fdfb3fcda8033c7f914d

Email subscription for changes to this article
Save as PDF