27.6. Mail User Agents
27.6.1. Securing Communication
muttoffer SSL-encrypted email sessions.
126.96.36.199. Secure Email Clients
188.8.131.52. Securing Email Client Communications
/etc/pki/tls/certs/directory and type the following commands as root:
rm -f cyrus-imapd.pem make cyrus-imapd.pem
/etc/pki/tls/certs/directory, and type the following commands as root:
rm -f ipop3d.pem make ipop3d.pem
ipop3d.pemfiles before issuing each
/sbin/service cyrus-imapd startcommand to start the Cyrus IMAP and POP daemons.
stunnelcommand can be used as an SSL encryption wrapper around the standard, non-secure IMAP and POP protocols. In that case, however, you must disable IMAPS and POP3 in the Cyrus configuration file,
/etc/cyrus.conf. To do so, comment out the lines containing
pop3s, and restart the
stunnelprogram uses external OpenSSL libraries included with Red Hat Enterprise Linux to provide strong cryptography and protect the connections. It is best to apply to a CA to obtain an SSL certificate, but it is also possible to create a self-signed certificate.
/etc/pki/tls/certs/directory, and type the following command:
/etc/stunnel/directory, in which you can store the configuration file. Although stunnel does not require any special format of the file name or its extension, use
/etc/stunnel/stunnel.conf. The following content configures stunnel as a TLS wrapper for secure IMAP and POP:
cert = /etc/pki/tls/certs/stunnel.pem ; Allow only TLS, thus avoiding SSL options = NO_SSLv2 options = NO_SSLv3 chroot = /var/run/stunnel setuid = nobody setgid = nobody pid = /stunnel.pid socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 [pop3s] accept = 995 connect = 110 [imaps] accept = 993 connect = 143
stunnel, read the
stunnelman page or refer to the documents in the
/usr/share/doc/stunnel-<version-number>/ directory, where <version-number> is the version number for