KBTAG: kben10000141
URL:
http://www.securityportal.com/lskb/10000100/.html
Date created: 07/08/2000
Date modified:
Date removed:
Authors(s): Kurt Seifried seifried@securityportal.com
Topic: SSL wrapping POP and IMAP servers
Keywords: Network/Email
POP and IMAP send usernames and passwords in the clear. SSL wrapping them prevents this.
Install OpenSSL and stunnel. Edit inetd.conf:
simap stream tcp nowait root /usr/sbin/stunnel imapd -l imapd
You also need to create certificates, use this template for the stunnel.cnf configuration file.
RANDFILE = stunnel.rnd [ req ] default_bits = 1024 encrypt_key = no distinguished_name = req_dn x509_extensions = cert_type [ req_dn ] countryName = Country Name (2 letter code) organizationName = Organization Name (eg., company) 0.commonName = Common Name (FQDN of your server) [ cert_type ] nsCertType = server
openssl req -new -x509 -days 365 -config /etc/stunnel.cnf -out /etc/stunnel.pem -keyout stunnel.pem openssl x509 -subject -dates -fingerprint -noout -in stunnel.pem