Re: SSL for smtp & pop
Wilson Yau wrote:
> Maybe this is not quite a relevant question should be posted on this
> mailing list, but I'd be very grateful if anyone can give me quick &
> correct answers to the following questions:
>
> Q.1/ I have a mail server running Debian/GNU Linux Potato 2.2 w/ kernel
> 2.2.15. Is there any open source utilities I can use to enable SSL
> support for both pop & smtp?
The qmail-src package provides the source for the excellent MTA qmail. See:
http://www.qmail.org/top.html . SSL (read: TLS) support in qmail is available through
a patch which is listed on the qmail page:
http://www.esat.kuleuven.ac.be/~vermeule/qmail/tls.patch . I haven't tried to compile
and use this myself. Actually if I may insert my opinion TLS is worthless for general
use because you can only count on the mail being encrypt from you to your MTA. After
that it will be relayed to the next SMTP server and that one probably doesn't support
TLS so it'll be sent in the clear. SSL is lots easier for POP because with POP SSL is
handled differently. With SMTP support is added through a special command (STARTTLS)
which tells the server to start up TLS. This is necessary because SMTP always has to
run on port 25 since all systems assume this. With POP, a different port is used.
Standard pop-3 runs on port 110 and pop-3 over ssl uses port 995. So, if you want to
run pop-3 over ssl you can use the stunnel package. The stunnel package works by just
sitting in between the client and any old pop-3 server you care to run.
> Q.2/ Do Outlook Express 5.0 onwards & Netscape 4.6 onwards offer SSL
> support for both pop & smtp? If they do not, any other mail clients do?
Netscape 4.6 does support secure pop-3 and smtp. I haven't tried the secure smtp
before but I have used pop-3 over ssl and can testify that it works.
> Thank you for your quick help!
Sure, if you want any tips on qmail or setting up secure pop-3 I'd be happy to lend my
experience.
--
Jens B. Jorgensen
jens.jorgensen@cmgisolutions.com
Reply to: