19.5. Mail User Agents
19.5.1. Securing Communication
IMAP protocols pass authentication information unencrypted, it is possible for an attacker to gain access to user accounts by collecting user names and passwords as they are passed over the network.
19.5.1.1. Secure Email Clients
POP have known port numbers (
995, respectively) that the MUA uses to authenticate and download messages.
19.5.1.2. Securing Email Client Communications
POP users on the email server is a simple matter.
POP, change to the
/etc/pki/dovecot/ directory, edit the certificate parameters in the
/etc/pki/dovecot/dovecot-openssl.cnf configuration file as you prefer, and type the following commands, as
rm -f certs/dovecot.pem private/dovecot.pem
dovecot]#
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem
service dovecot restart command to restart the
stunnel command can be used as an encryption wrapper around the standard, non-secure connections to
stunnel utility uses external OpenSSL libraries included with Red Hat Enterprise Linux to provide strong cryptography and to protect the network connections. It is recommended to apply to a CA to obtain an SSL certificate, but it is also possible to create a self-signed certificate.
stunnel and create its basic configuration. To configure
stunnel as a wrapper for
POP3S, add the following lines to the
[pop3s]
accept = 995
connect = 110

[imaps]
accept = 993
connect = 143
stunnel. Once you start it, it is possible to use an
POP email client and connect to the email server using SSL encryption.
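An added example, not part of the original guide: a small Python check that parses stunnel configuration text and confirms that the [pop3s] and [imaps] sections wrap ports 110 and 143 on ports 995 and 993, as in the configuration above, and that a certificate is configured. The sample input is constructed, and the cert path in it is a placeholder.

```python
# Added example: audit stunnel.conf text for the POP3S/IMAPS wrapper sections.
EXPECTED = {"pop3s": (995, 110), "imaps": (993, 143)}  # TLS port, plaintext port

# Constructed sample input; the cert path is a placeholder, not a real location.
SAMPLE_CONF = """\
cert = /path/to/stunnel.pem

[pop3s]
accept = 995
connect = 110

[imaps]
accept = 993
connect = 143
"""

def parse_stunnel(text):
    """Return (global_options, {service: options}) parsed from stunnel.conf text."""
    global_opts, services, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1].strip().lower(), {})
        elif line and line[0] not in ";#" and "=" in line:  # skip blanks, comments
            key, _, value = line.partition("=")
            target = global_opts if current is None else current
            target[key.strip().lower()] = value.strip()
    return global_opts, services

def port_of(value):
    """Port from 'port' or 'host:port'; None when missing or not numeric."""
    tail = (value or "").rsplit(":", 1)[-1].strip()
    return int(tail) if tail.isdigit() else None

def audit(text):
    """Return a list of findings; an empty list means the wrapper looks as intended."""
    global_opts, services = parse_stunnel(text)
    findings = []
    for name, (tls_port, plain_port) in EXPECTED.items():
        svc = services.get(name)
        if svc is None:
            findings.append(f"{name}: section missing")
            continue
        if port_of(svc.get("accept")) != tls_port:
            findings.append(f"{name}: accept should be {tls_port}")
        if port_of(svc.get("connect")) != plain_port:
            findings.append(f"{name}: connect should be {plain_port}")
        if "cert" not in svc and "cert" not in global_opts:
            findings.append(f"{name}: no cert option, server mode needs one")
    return findings
```

Calling `audit()` on the text of the real configuration file returns an empty list when both wrapper sections match the port pairs above.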