Secure POP and Tiger Server


It took me a little while to figure out what was going on, but once I did, I was able to get my phone talking to POP on my Tiger Server again. If you're having problems POPing to a Cyrus or Tiger Server using SSL, you may be in need of this info.

I may not have lamented about this in the past, but the P910 (especially) has a nasty little IMAP client that insists on downloading a full folder listing every time you connect (despite basically doing nothing with it). So, I'm using secure POP for now until I can write an IMAP front end that makes everything except the inbox invisible. However, until then, I use SPOP.

Unfortunately, when I upgraded to Tiger Server, it broke, and it took me a little time to remember what I'd done to fix it with Panther (since it had been >1yr since I did the config for it).

Well, the answer is to go to /etc/cyrus.conf and replace the line:

#pop3s         cmd="pop3d -s" listen="pop3s" prefork=0

with

 pop3s         cmd="pop3d" listen="pop3s" prefork=0

What this does is make the pop3 daemon start up without SSL initially and only begin using TLS (SSL) when the "stls" command is given. For the P900/P910, this is OK, because this is the mechanism it expects, much like most (if not all) IMAP clients.

Apparently, some old-school clients like POP3 pre-encapsulated in their SSL cocoon before any data is exchanged, but that's not good practice (in my opinion).
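
To confirm which of the two behaviours described above a listener actually has after editing cyrus.conf, the following Python check is an added example and not part of the original post. It classifies a connected socket as an STLS-upgrade listener (pop3d without -s), a TLS-first listener (pop3d -s), or a plaintext listener that does not offer STLS. The function names, the server_name default and the sample transcript are assumptions made for illustration.

```python
import socket
import ssl


def read_line(sock):
    """Read one line from the peer; return b"" on timeout or close."""
    buf = b""
    try:
        while not buf.endswith(b"\n"):
            chunk = sock.recv(1)
            if not chunk:
                break
            buf += chunk
    except OSError:  # socket.timeout is an OSError
        return b""
    return buf.strip()


def classify_listener(sock, server_name="localhost", timeout=2.0):
    """Return 'stls', 'plaintext-only', 'implicit-tls' or 'unknown'."""
    sock.settimeout(timeout)
    greeting = read_line(sock)
    if greeting.startswith(b"+OK"):
        # Plaintext greeting: pop3d is running without -s. Check for STLS.
        sock.sendall(b"CAPA\r\n")
        caps = []
        if read_line(sock).startswith(b"+OK"):
            while (line := read_line(sock)) not in (b".", b""):
                caps.append(line.upper())
        return "stls" if b"STLS" in caps else "plaintext-only"
    if greeting:
        return "unknown"  # the peer spoke first, but not POP3
    # Silence: a "pop3d -s" listener waits for the client's TLS handshake.
    try:
        ssl.create_default_context().wrap_socket(
            sock, server_hostname=server_name).close()
        return "implicit-tls"
    except ssl.SSLCertVerificationError:
        return "implicit-tls"  # TLS answered; certificate trust is a separate check
    except OSError:
        return "unknown"


if __name__ == "__main__":
    # Constructed transcript of a listener configured as on this page.
    client, server = socket.socketpair()
    server.sendall(b"+OK ready\r\n+OK\r\nUSER\r\nSTLS\r\n.\r\n")
    print(classify_listener(client))
    client.close(); server.close()
```

Against a real server, pass the socket returned by socket.create_connection((host, port)) and the server's hostname as server_name. A result of "plaintext-only" means a client talking to that port would send USER and PASS unencrypted.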