Pop3

Dustin Decker dustind at moon-lite.com
Thu Apr 4 14:57:16 CST 2002


On Thu, 4 Apr 2002, Michael Pratt wrote:

> Is there an easy to configure pop3 server out there that is secure? If so
> where do I get it?

Hrm... I'm going to show off my RedHat colors here but if you are making
use of RedHat 7.2 there are secure implementations of pop and imap both
in the box.

Configuration is easy - I'll just throw you the blurb from RedHat on how
to get this done:

Secure Email Servers
Offering SSL encryption to IMAP and POP users on the email server is
almost as easy. Red Hat Linux also includes the stunnel package, which
is an SSL encryption wrapper that wraps around standard, non-secure
network traffic for certain services and prevents interceptors from
being able to "sniff" the communication between client and server. While
stunnel can be used with more than email communication, it really shines
when providing protection for normally insecure email protocols.

The stunnel program uses external SSL libraries, such as the OpenSSL
libraries included with Red Hat Linux, to provide strong cryptography
and protect your connections. You can apply to a Certificate Authority
(CA) for an SSL certificate, or you can create a self-signed certificate
to simply provide the benefit of the SSL encrypted communication.

To create a self-signed SSL certificate, change to the
/usr/share/ssl/certs directory, type the make stunnel.pem command, and
answer the questions. Then, use stunnel to start the mail daemon that
you wish to use.

For example, the following command could be used to start the IMAP
server included with Red Hat Linux:

/usr/sbin/stunnel -d 993 -l /usr/sbin/imapd imapd

You should now be able to open an IMAP email client and connect to your
email server using SSL encryption. Of course, you will probably want to
go a step further and configure your stunnel-wrapped IMAP server to
automatically start up at the correct runlevels.

For more information about how to use stunnel, read the stunnel man page
or refer to the documents in the /usr/share/doc/stunnel-<version-number>
directory.

Alternatively, the imap package bundled with Red Hat Linux contains the
ability to provide SSL encryption on its own without stunnel. For secure
IMAP connections, create the SSL certificate by changing to the
/usr/share/ssl/certs directory and running the make imapd.pem command.
Then, set the imaps service to start at the proper runlevels and restart
xinetd to enable the service.

You can also use the ipop3 package bundled with Red Hat Linux to provide
SSL encryption on its own without stunnel.

<end redhat stuff>

Of course, you can also go a step further and purchase a genuine
certificate from VeriSign or the like... it depends on who will be using
the server.  (I.e., if this is for the general public, you might want to
go this extra step.)

Dustin

-- 
No sense being pessimistic.  It wouldn't work anyway.
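
An added example, not part of the original message or of Red Hat's documentation: a shell check for the combined key-and-certificate file that `make stunnel.pem` creates, reporting loose file permissions, a self-signed certificate and near expiry. The function names, the 30-day threshold and the generated sample certificate (CN mail.example.test) are assumptions; it needs the openssl CLI and GNU stat.

```shell
#!/bin/sh
# Added example (not from the post or Red Hat's docs). Assumes the openssl CLI
# and GNU stat. audit_pem prints findings; its exit status is their count.
audit_pem() {
    local pem=$1 findings=0 mode subject issuer
    [ -r "$pem" ] || { echo "cannot read $pem"; return 1; }

    # stunnel.pem holds the private key next to the certificate.
    grep -q 'PRIVATE KEY' "$pem" || { echo "no private key in file"; findings=$((findings + 1)); }
    mode=$(stat -c '%a' "$pem")
    case $mode in
        [0-7]00) ;;
        *) echo "mode $mode: key readable beyond its owner"; findings=$((findings + 1)) ;;
    esac

    # Self-signed means subject and issuer are the same name.
    subject=$(openssl x509 -in "$pem" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$pem" -noout -issuer | sed 's/^issuer= *//')
    if [ -n "$subject" ] && [ "$subject" = "$issuer" ]; then
        echo "self-signed: clients must trust this certificate explicitly"
        findings=$((findings + 1))
    fi

    # -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$pem" -noout -checkend $((30 * 86400)) >/dev/null; then
        echo "expires within 30 days"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed test input: key followed by certificate, roughly what
# `make stunnel.pem` produces. CN and lifetime are made-up sample values.
make_demo_pem() {
    local out=$1 days=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days "$days" \
        -subj "/CN=mail.example.test" \
        -keyout "$out.key" -out "$out.crt" 2>/dev/null || return 1
    cat "$out.key" "$out.crt" > "$out"
    rm -f "$out.key" "$out.crt"
}

if [ $# -gt 0 ]; then audit_pem "$1"; fi
```

Run it as `sh audit.sh /usr/share/ssl/certs/stunnel.pem` (the script name is arbitrary); an exit status of 0 means no findings.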
