XMailforum is a readonly knowledge archive now.

Registering as a new user or answering posts is not possible anymore.

Might the force be with you, to find here what you are looking for.

2019-09-20 - hschneider, Admin

Cookie Disclaimer: This forum uses only essential, anonymous session cookies (xmailforum*), nothing to be scared of.

XMail Forum [Powered by Invision Power Board]
Printable Version of Topic
Click here to view this topic in its original format
XMail Forum > Announcements > Xmail And Ssl Support


Posted by: Eugene Mar 3 2005, 04:20 PM
Hi there.

I added support of STARTTLS and STLS to the Xmail v1.21.
http://mail.godeltech.com/xmail/win32_bin/xmail-ssl-0.0.1a-bin.zip it is a win32
binary distribution of Xmail v1.21 with SSL extension
(It contains only executables. Before using it you should have working Xmail server installed).
I compiled and tested it only with openssl-0.9.7e. All necessary files are included in win32 distribution.

How to make it to work:

First of all you shoud make a certificate using make-cert.bat
(for more info about certificate please refer http://www.stunnel.org/faq/certs.html#ToC5)
After the certificate is ready put it inside of MailRoot folder.

Then you shoud add the new variables to the server.tab
"SMTP-SSL"[TAB]"1"
"POP3-SSL"[TAB]"1"
"SMAIL-SSL"[TAB]"1"
"SSLCertificate"[TAB]"xmail-ssl.pem"

"SMTP-SSL" - allow or not support of STARTTLS command by SMTP, by default 0
"POP3-SSL" - allow or not support of STLS command by POP3, by default 0
"SMAIL-SSL" - allow or not send mail via SSL(ONLY if remote SMTP supports EHLO and STARTTLS), by default 0
"SSLCertificate" - file with certificate

WARNING!!! it is an EXPERIMENTAL version,
it was tested under win2003 server and outlook express v6 and Opera mail client 8.00.

Linux sources:
http://mail.godeltech.com/xmail/src/xmail-ssl-0.0.1a-src.tar.gz
WARNING!!! I compiled ONLY (under Debian GNU/Linux 2.2) and I did not test it.
I added Makefile-SSL.lnx for compiling under linux with SSL support.
You shoud have installed openssl-0.9.7e and
have libssl.a and libcrypto.a in /usr/lib and headers in /usr/include/openssl

Win32 sources:
http://mail.godeltech.com/xmail/src/xmail-ssl-0.0.1a-src.zip
In win32 source package I added openssl headers, ssleay32.lib and libeay32.lib,
so you don't need nothing more for compiling under win32.
As I used VC7.1 for compiling I added solution mailsvr.sln and all
necessary *.vcproj to the package.

If you want to compile it under VC6 you shoud make the following changes
in the project mailsvr:
Add the preprocessor definition USE_SSL
Add the following files to the project:
SSLSupport.cpp
SSLSupport.h

Add right path for openssl headers and inlude ssleay32.lib and libeay32.lib
to the linker library and of course add path where these library can be found.

Whooo.... that's it smile.gif, I hope I did not forget anything.

P.S

If the author of Xmail do not mind my changing the code (and it is not buggy of course),
may be he will include those changes to the next builds of Xmail.

Posted by: hschneider Mar 4 2005, 02:46 PM
Thanks for the contrib! Pls contact Davide at xmailserver.org . Would be nice to see this going into the core source.

Posted by: Eugene Mar 14 2005, 12:34 AM
Hi there.
I wrote to Davide, there is his reply sad.gif :

QUOTE

> Hello Davide.
>
> First of all, thanks to the great mail server.
>
> If you are interested in support SSL by Xmail(STARTLS, STLS),
> I would provide my implementation of SSL support by Xmail,
> more info can be found at http://xmailforum.homelinux.net/index.php?showtopic=2415
>
> It will be nice to see native support of SSL by Xmail in future builds.

I don't think to add SSL to XMail, at least for the moment. Major reasons
are, 1) there is not enough request for it 2) I hate external libraries
dependencies. I suggest you to 1) test carefully your code on every
platform XMail supports 2) put your patches over the mailine XMail code
inside an organized HTML page. Then, I will link your HTML page from
inside the XMail home page.

- Davide


I made home page about XMail and SSL.
http://mail.godeltech.com/xmail

Posted by: hschneider Mar 15 2005, 11:44 AM
Fine. Pls notify Davide to, so he can add your link to the list at xmailserver org. Again thanks for this valuable contrib!

Posted by: forth Mar 24 2005, 03:29 PM
Installed it on Win2K3. Works great !

Using Outlook clients, Mozilla and Ericsson P910i with secure login. No problems. image008.gif

Send and receive mail from/to Sendmailserver with TLS active, no problem either.

I would like to see it in the future releases of Xmailserver.

/Christer

Posted by: pierre-oord May 13 2005, 05:18 PM
QUOTE (forth @ Mar 24 2005, 03:29 PM)
Installed it on Win2K3. Works great !

Using Outlook clients, Mozilla and Ericsson P910i with secure login. No problems. image008.gif

Send and receive mail from/to Sendmailserver with TLS active, no problem either.

I would like to see it in the future releases of Xmailserver.

/Christer

I would like to see this too, i'll patch my Xmail in the weekend I think.

What's the problem about adding SSL support? Can't davide create in the ./configure script an option --with-ssl, which defaults to disabled? Then it's easy to enable, but not needed for a standard installation.

Posted by: hschneider May 13 2005, 05:28 PM
Pls post your feature request directly to Davide. It'S unlikely that he reads them here.

Posted by: Eugene Jul 7 2005, 12:52 PM
Hi there.
I released the new version of the SSL patch 0.0.2b for the XMail v1.21.

I made some changes for inter SMTP servers communication.
These changes correspond to SMAIL-SSL variable.

In some cases after SSL session is established with Exim(in our case), it fails with error(example):
<SSL session is established>
220-server1 ESMTP Exim 4.43 #0 Wed, 29 Jun 2005 23:34:46 +0200
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
MAIL FROM: <user1@server1> size=4050
501 <user1@server1> size=4050: malformed address: size=4050 may not
follow <user1@server1>

Thus after SSL is established I send RSET and then EHLO again.

Now it works very well smile.gif.

Thanks to Stefan from cuba.ionum.ch who reported about this problem.
You can get the new version from: http://mail.godeltech.com/xmail

Posted by: NomadCF Jul 11 2005, 01:53 PM
What would really be the icing on the cake would be server to server SSL for all mail transporting.

Secure and encrypted mail transport with out any extra hassle on the clients end smile.gif

Posted by: hschneider Jul 27 2005, 07:10 AM
Happy birthday ! wink.gif

Powered by Invision Power Board (http://www.invisionboard.com)
© Invision Power Services (http://www.invisionpower.com)