Title: SSL wrapping POP and IMAP servers

KBTAG: kben10000141
URL: http://www.securityportal.com/lskb/10000100/.html
Date created: 07/08/2000
Date modified:
Date removed:
Authors(s): Kurt Seifried seifried@securityportal.com
Topic: SSL wrapping POP and IMAP servers
Keywords: Network/Email

Summary:

POP and IMAP send usernames and passwords in the clear. SSL wrapping them prevents this.

More information:

Install OpenSSL and stunnel. Edit inetd.conf:

simap stream tcp nowait root /usr/sbin/stunnel imapd -l imapd

You also need to create certificates, use this template for the stunnel.cnf configuration file.

RANDFILE = stunnel.rnd
[ req ]
default_bits = 1024
encrypt_key = no
distinguished_name = req_dn
x509_extensions = cert_type
[ req_dn ]
countryName = Country Name (2 letter code)
organizationName = Organization Name (eg., company)
0.commonName = Common Name (FQDN of your server)
[ cert_type ]
nsCertType = server
openssl req -new -x509 -days 365 -config /etc/stunnel.cnf -out /etc/stunnel.pem -keyout stunnel.pem
openssl x509 -subject -dates -fingerprint -noout -in stunnel.pem

Downloads:

http://www.openssl.org/