June 2003
Intermediate to advanced
336 pages
8h 54m
English
Content preview from Linux Security CookbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
8.11. Securing POP/IMAP with SSL and Pine
Problem
You want to secure your POP or IMAP email session. Your mail client is pine, and your mail server supports SSL.
Solution
Test whether you can use STARTTLS, as explained in SSL for Securing Mail:
$ pine -inbox-path='{mail.server.net/user=fred/protocol}'replacing protocol with either
pop or imap as desired. One
of three outcomes will occur:
You get no connection. In this case, you cannot use STARTTLS; move on and try SSL-port, below.
You get a connection, but the login prompt includes the word
INSECURE:HOST: mail.server.net (INSECURE) ENTER LOGIN NAME [fred] :
In this case, you again cannot use STARTTLS; move on and try SSL-port, below.
You get a connection and the login prompt does not say
INSECURE. In this case, congratulations, you have a secure mail connection. You are done.
If you could not use STARTTLS as shown, try the SSL-port method:
$ pine -inbox-path='{mail.server.net/user=fred/protocol/ssl}'again replacing protocol with either
pop or imap as appropriate.
To ensure you have a secure connection (i.e., to forbid
pine to engage in weak authentication, unless
it’s over a secure connection), add
/secure to your inbox-path.
For example:
$ pine -inbox-path='{mail.server.net/user=fred/imap/secure}'If none of this works, your ISP does not appear to support IMAP over SSL in any form; try SSH instead. [Recipe 8.16]
Discussion
You might be able to simplify the mailbox specifications; for instance:
{mail.server.net/user=fred/imap}could be simply ...