Like any other service that flows over a network unencrypted,
	  important email information, such as usernames, passwords, and entire
	  messages, may be intercepted and viewed by users on the
	  network. Additionally, since the standard POP and IMAP protocols pass
	  authentication information unencrypted, it is possible for an attacker
	  to gain access to user accounts by collecting usernames and passwords
	  as they are passed over the network.
	
11.5.1.1. Secure Email Clients
	  Most Linux MUAs designed to check email on remote servers support SSL
	  encryption. In order to use SSL when retrieving email, it must be
	  enabled on both the email client and server.
	
	  SSL is easy to enable on the client side, often with the click of
	  a button in the MUA's configuration window or via an option in the
	  MUA's configuration file. Secure IMAP and POP have known port numbers
	  (993 and 995, respectively) that the MUA will use to authenticate and
	  download messages.
	
11.5.1.2. Securing Email Client Communications
	    Offering SSL encryption to IMAP and POP users on the email server is a
	    simple matter.
	  
	    First, create an SSL certificate. This can be done in two ways: by
	    applying to a Certificate Authority (CA) for an SSL certificate or
	    by creating a self-signed certificate.
	  
	  Caution: Self-signed certificates should be used for testing purposes
	  only. Any server used in a production environment should use an SSL
	  certificate granted by a CA.

	  To create a self-signed SSL certificate for IMAP, change to the
	  /usr/share/ssl/certs/ directory and type the
	  following command as root:
	  
	    Answer all of the questions to complete the process.
	  
	    To create a self-signed SSL certificate for POP, change to the
	    /usr/share/ssl/certs/ directory, and type the
	    following command as root:
	  
	    Again, answer all of the questions to complete the process.
	  
	    Once finished, use the /sbin/service command to start the
	    appropriate daemon (imaps or pop3s). Then, set the imaps or the
	    pop3s service to start at the proper runlevels using an initscript
	    utility, such as Services Configuration Tool
	    (redhat-config-services). Refer to Section 1.4.2 Runlevel Utilities
	    for more information about initscript utilities.
	  
	    Alternatively, the stunnel command can be used as
	    an SSL encryption wrapper around the standard, non-secure daemons,
	    imapd or pop3d.
	  
	    The stunnel program uses external OpenSSL
	    libraries included with Red Hat Linux to provide strong cryptography and
	    protect the connections. It is best to apply to a
	    Certificate Authority
	    (CA) for an SSL certificate, but it is also
	    possible to create a self-signed certificate.
	  
	    To create a self-signed SSL certificate, change to the
	    /usr/share/ssl/certs/ directory, and type the
	    following command:
	  
	    Again, answer all of the questions to complete the process.
	  
	    Once the certificate is generated, it is possible to use the
	    stunnel command to start the
	    imapd mail daemon using the following command:
	  
	        /usr/sbin/stunnel -d 993 -l /usr/sbin/imapd imapd

	    Once this command is issued, it is possible to open an IMAP email
	    client and connect to the email server using SSL encryption.
	  
	    To start pop3d using the stunnel command, type the following
	    command, which listens on the secure POP port (995):

	        /usr/sbin/stunnel -d 995 -l /usr/sbin/pop3d pop3d

	    For more information about how to use stunnel,
	    read the stunnel man page or refer to the
	    documents in the
	    /usr/share/doc/stunnel-<version-number>/
	    directory.
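
One way to confirm the result of the steps above from the client side, as an added example that is not part of the original documentation: a verifying TLS client that reports whether the listener on port 993 or 995 offers SSL at all and whether its certificate validates, so a self-signed test certificate shows up as `untrusted-cert`. The function name `check_mail_tls`, its status strings, and the command-line handling are assumptions made for this illustration.

```python
import socket
import ssl
import sys

# Well-known secure IMAP and POP ports named in the text above.
SECURE_MAIL_PORTS = {"imaps": 993, "pop3s": 995}


def check_mail_tls(host, port, timeout=5.0, cafile=None):
    """Classify how the listener at host:port answers a verifying TLS client.

    Hypothetical helper for this example. Returns (status, detail), where
    status is one of:
      "verified"       - handshake completed, chain and hostname validated
      "untrusted-cert" - TLS is offered but the certificate fails validation
                         (for example self-signed, expired, or wrong hostname)
      "no-tls"         - something answers, but it is not speaking TLS
      "unreachable"    - connection refused or timed out
    """
    # The default context requires a valid chain and a matching hostname.
    context = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with context.wrap_socket(raw, server_hostname=host) as tls:
                return "verified", tls.version()
    except ssl.SSLCertVerificationError as exc:
        # Must be caught before SSLError, which is its parent class.
        return "untrusted-cert", exc.verify_message
    except ssl.SSLError as exc:
        # A plaintext banner such as "* OK ..." fails TLS record parsing.
        return "no-tls", exc.reason or str(exc)
    except OSError as exc:
        return "unreachable", str(exc)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_mail_tls.py <mail-server-hostname>")
    for service, port in SECURE_MAIL_PORTS.items():
        status, detail = check_mail_tls(sys.argv[1], port)
        print(f"{service:6} {port:4} {status:15} {detail}")
```

A `no-tls` result on 993 or 995 means the plain daemon is answering without the SSL wrapper in front of it.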