From owner-freebsd-questions Sun Jan 21 17:45:43 2001 Delivered-To: freebsd-questions@freebsd.org Received: from mail.thpoon.com (cr103675-a.bloor1.on.wave.home.com [24.42.106.79]) by hub.freebsd.org (Postfix) with SMTP id AEDBA37B400 for ; Sun, 21 Jan 2001 17:45:25 -0800 (PST) Received: (qmail 94231 invoked from network); 22 Jan 2001 01:45:24 -0000 Received: from unknown (HELO tea.thpoon.com) (mail@192.168.1.2) by cr103675-a.bloor1.on.wave.home.com with SMTP; 22 Jan 2001 01:45:24 -0000 Received: from antipode by tea.thpoon.com with local (Exim 3.12 #1 (Debian)) id 14KW2u-0004yU-00; Sun, 21 Jan 2001 20:45:24 -0500 To: freebsd-questions@freebsd.org Cc: cjclark@alum.mit.edu Subject: imap and pop3 via stunnel (was: UW-IMAP server and secure authentication) References: <87hf2s4hb7.fsf@tea.thpoon.com> <20010121154230.Z10761@rfx-216-196-73-168.users.reflex> From: Arcady Genkin X-Face: 0=A/O5-+sE[Tf%X>rYr?Y5LD4,:^'jaJ!4jC&UR*ZrrK2>^`g22Qeb]!:d;}2YJ|Hq"LHdF OX`jWX|AT-WVFQ(TPhFVak)0nt$aEdlOq=1~D,:\z5QlVOrZ2(H,mKg=Xr|'VlHA="r Mail-Copies-To: never Date: 21 Jan 2001 20:45:24 -0500 In-Reply-To: <20010121154230.Z10761@rfx-216-196-73-168.users.reflex> Message-ID: <87g0ic4ax7.fsf_-_@tea.thpoon.com> Lines: 32 User-Agent: Gnus/5.0808 (Gnus v5.8.8) XEmacs/21.1 (Channel Islands) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG "Crist J. Clark" writes: > I don't see why you can't use a self-signed cert. Provided you > distribute it securely (relative to what you are protecting and other > security measures), it is a fairly good solution. I basically want to disable any ways of connecting to my computer with user names/passwords sent in clear text. What do you mean by "distribute it securely"? > I have never used SSL within UW IMAP. However, I set up a mailserver > which used stunnel (in the ports) to get SSL access to UW IMAP. Making > a self-signed cert with stunnel was painless and a reasonable solution > for that organization. This is great! I just installed stunnel and had imapd and ipop3d working with it in no time. I'm using the scurity certificate generated by "make cert". Thanks a lot, Christ! > Almost all of the users were using M$ Outlook Express as a MUA. A > few Netscape Messenger users. Neither had an problems. I just had a MS Outlook Express user confirm successful POP3 retrieval over SSL. I'm happy. The only thing that's bothering me is your phrase about distributing the certificate: I did not send the user anything, he was just able to connect by changing mail server configuration in his mailer. Was the connection secure in this case? Many thanks, -- Arcady Genkin Don't read everything you believe. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message