chroot
Starting in version 1.5.0 POPular supports SSL and TLS if compiled with the OpenSSL library. You need at least version 0.9.6b. SSL/TLS is only available if POPular was configured with the --enable-ssl.
Each virtual server can be configured to either use unencrypted connections or to use SSL/TLS connections or use the RFC2595 style STARTTLS command. Use the prot and starttls options of the vserv command to set this as follows:
For usage without SSL/TLS set prot to "pop3" and starttls to "off".
For direct SSL/TLS usage without STARTTLS set prot to "pop3s" and starttls to "off".
For usage of an optionally encrypted connection set prot to "pop3" and starttls to "optional". The connection will start out unencrypted and can be switched over to encrypted with the STARTTLS command before authentication.
For forced use of the STARTTLS command set prot to "pop3" and starttls to "force". The client will have to send a STARTTLS command before he is allowed to do anything else.
Certificate files must be stored in the directory named by the tlsdir variable. The files must have the name of the virtual server they are used for plus a ".pem" extension. Each file contains the RSA private key and a certificate for this virtual server.
See the prng for instructions how to seed the pseudo random number generator.
SSLv2 is considered insecure and disabled by default. Use the allowsslv2 variable to change this behaviour.
The connection between pproxy and pserv is always unencrypted. Use a secure tunnel if they are not in the same LAN.