This is part of The Pile, a partial archive of some open source mailing lists and newsgroups.
Subject: Re: Enabling SSL for IMAP and POP3
From: "Steven Hildreth" <steven@aprotex.com>
Date: Mon, 8 May 2000 10:30:59 -0500

From: "Enrico Payne" <enricop@pharma.co.za>
> > Hi, how do I enable SSL for IMAP and POP3. I am running RH6.0 with
> > sendmail...
> >
> > Regards
> > Enrico
> >
> > PS. Thanks to all those who responded to my earlier query regarding
> > sockets.
>

I use SSL for my IMAP and SMTP clients using Outlook Express; here is how I did it (not saying the best way but it works reliably). Use sslwrap (I snagged it at ftp.zedz.net) and set up services ports 465 (SMTP) and 993 (IMAP) for SSL ports (/etc/services) and then set up the Outlook Express client to use those ports. Redirect the sslwrap to the local 25 and 143 ports.

If you would like I can send you a copy of my /etc/inetd.conf and /etc/services config files.

===

Subject: Re: Enabling SSL for IMAP and POP3
From: "Steven Hildreth" <steven@aprotex.com>
Date: Mon, 8 May 2000 16:47:21 -0500

From: "Zoki" <zoki@magic.fr>
> > On Mon, 8 May 2000, Steven Hildreth wrote:
> >
> > ->I use SSL for my IMAP and SMTP clients using Outlook Express, here is
> > ->how I did it (not saying the best way but it works reliably)..
> >
> > <snip>
> >
> > ->If you would like I can send you a copy of my /etc/inetd.conf and
> > ->/etc/services config files.

Not a problem - below is the /etc/services file, stuff regarding the stuff you need (just append this to your file if not already there):

----------------------------------------
# /etc/services:
# $Id: services,v 1.4 2000/01/23 21:03:36 notting Exp $
smtp            25/tcp          mail
imap2           143/tcp         imap
imap2           143/udp         imap
# Services added for the Debian GNU/Linux distribution
ssmtp           465/tcp                         # SMTP over SSL
simap           993/tcp                         # IMAP over SSL
--------------------------------------

below is the /etc/inet.conf file, again just the stuff you asked about

-----------------
imap    stream  tcp     nowait  root    /usr/sbin/tcpd  imapd
#This is a ssl implementation that works great with Outlook Express and Eudora, not netscape
simap   stream  tcp     nowait  root    /usr/sbin/tcpd  /usr/bin/sslwrap -cert /usr/local/ssl/certs/server.pem -port 143
ssmtp   stream  tcp     nowait  root    /usr/sbin/tcpd  /usr/bin/sslwrap -cert /usr/local/ssl/certs/server.pem -port 25
--------------------------

===

Subject: Re: Enabling SSL for IMAP and POP3
From: Bret Hughes <bhughes@elevating.com>
Date: Mon, 08 May 2000 17:35:31 -0500

What do you have to do to use Netscape as a client and why does it not work great with it?

I've been thinking pretty hard about letting our email be exposed to the net through our DSL link but haven't really convinced myself I can do it safely. I use ssh and forward a connection to the imap server through the firewall that will only accept the keys and passphrase, but my partner thinks that is too complicated to do so he leaves his mail on the ISP server too.

Very interested in your reply when/if you have the time.

===

Subject: Re: Enabling SSL for IMAP and POP3
From: "Steven Hildreth" <steven@aprotex.com>
Date: Tue, 9 May 2000 07:47:17 -0500

The ports for the SSL (465 and 993) seem to be a little off standard. With both Outlook and Eudora you can set the ports by just filling in the blank.
Netscape (as far as I have found) does not allow this; it wants the SSL tunnel on the same (25 and 143) ports, and with the SSL wrapper re-direction this does not work well, because then the non-SSL clients (like other mail servers) cannot connect to the non-SSL 25, just causes a big mess. I have tried to set up Netscape using its configuration file; basically if you can figure out how to set the SSL IMAP and SSL SMTP ports on Netscape to the 465 and 993 then Netscape would work.

In all honesty I have to say I fought moving from Netscape Messenger to Outlook Express, big bad Microsoft Train, but it actually works really well with an IMAP client and even supports custom (non-CA signed) certs for email encryption, something that Netscape hated. This allows us to also create our own signed (with us being the CA) certs and then create user certificates and sign them ourselves (don't have to pay the man this way, we have full control also security wise on the storage and delivery of our Root CA cert, also we can specify the Key size - like 4096 for the master and 2048 for the users).

===
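
Added example, not part of any message in the thread: a small audit that cross-references the /etc/services and inetd.conf excerpts posted above and lists which ports inetd serves through sslwrap and which plaintext ports it still serves alongside them. The function names are hypothetical, the sample input is constructed from the thread's excerpts, and the code assumes that -port names the local port sslwrap forwards to, as the thread describes.

```python
# Added example: audit the inetd/sslwrap layout posted in this thread.
# Constructed sample input, copied from the excerpts in the thread.
SERVICES = """\
smtp    25/tcp   mail
imap2   143/tcp  imap
imap2   143/udp  imap
ssmtp   465/tcp  # SMTP over SSL
simap   993/tcp  # IMAP over SSL
"""
INETD = """\
imap  stream tcp nowait root /usr/sbin/tcpd imapd
#This is a ssl implementation that works great with Outlook Express and Eudora
simap stream tcp nowait root /usr/sbin/tcpd /usr/bin/sslwrap -cert /usr/local/ssl/certs/server.pem -port 143
ssmtp stream tcp nowait root /usr/sbin/tcpd /usr/bin/sslwrap -cert /usr/local/ssl/certs/server.pem -port 25
"""

def parse_services(text):
    """Map (name or alias, protocol) -> port number."""
    ports = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and "/" in fields[1]:
            port, proto = fields[1].split("/", 1)
            for name in [fields[0]] + fields[2:]:
                ports[(name, proto)] = int(port)
    return ports

def audit(services_text, inetd_text):
    """Return (listeners, exposed): every inetd listener, plus the plaintext
    ports that inetd still serves although an sslwrap entry fronts them."""
    ports = parse_services(services_text)
    listeners = []
    for line in inetd_text.splitlines():
        f = line.split("#", 1)[0].split()
        if len(f) < 6:          # blank line, comment, or malformed entry
            continue
        argv = f[5:]            # server path followed by its arguments
        tls = any(a.endswith("/sslwrap") for a in argv)
        # Assumption: -port names the local plaintext port sslwrap forwards to.
        backend = int(argv[argv.index("-port") + 1]) if tls and "-port" in argv[:-1] else None
        listeners.append({"service": f[0], "port": ports.get((f[0], f[2])),
                          "user": f[4], "tls": tls, "backend": backend})
    fronted = {l["backend"] for l in listeners if l["backend"] is not None}
    exposed = sorted(l["port"] for l in listeners if not l["tls"] and l["port"] in fronted)
    return listeners, exposed

if __name__ == "__main__":
    listeners, exposed = audit(SERVICES, INETD)
    for l in listeners:
        print(l)
    print("plaintext ports still served by inetd:", exposed)
```

For the configuration in the thread this reports port 143 as still served in plaintext by inetd next to the wrapped port 993; since that entry runs under tcpd, /etc/hosts.allow and /etc/hosts.deny decide which hosts can reach it.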