Announcement

Collapse
No announcement yet.

pop3 over ssl

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • pop3 over ssl

    i see in my email client that you can tell it to use SSL for the pop3 server. when i check it it changes from port 110 to 995.

    heres my question. i am poor; i cannot afford a 'store bought' ssl cert. i have created my own thru cert. server, and i am able to use SSL for my web stuff. of course, i have to hit ok or proceed on the warning screen (about the cert. not being trusted), but it works. can you do this same thing for pop3? i know my mail server supports ssl for pop3, but i am wondering if i can use my own certificate (even if i get a warning - thats ok).

    i know that pop3 usernames and passwords are sent in clear text. is there any other way to secure this? (other than a vpn, ipsec, etc.)

    thanks
    Last edited by uglyb0b; April 1, 2003, 20:26.

  • #2
    Re: pop3 over ssl

    Originally posted by uglyb0b
    i have created my own thru cert. server, and i am able to use SSL for my web stuff. of course, i have to hit ok or proceed on the warning screen (about the cert. not being trusted), but it works.
    BTW: This won't happen if you have a copy of the root cert on your system. You only get this message because none of the chained certificates you have that come with your browser can verify its status.

    Which CA are you using to generate your root certificates? Also which mail server are you considering enabling pop3s? Are you using S/MIME at all for your messages once they leave the server? ... so many questions, so little time!

    Comment


    • #3
      Re: Re: pop3 over ssl

      Originally posted by blackwave
      Which CA are you using to generate your root certificates? Also which mail server are you considering enabling pop3s? Are you using S/MIME at all for your messages once they leave the server? ... so many questions, so little time!
      I was using NT4 but about to switch to 2000 server. The mail server is an older release of Merak Pro. It will be upgraded to the current release within a few weeks.

      I dont see any options within Merak relating to S/MIME. Perhaps a newer release will offer this? In fact, the only thing I see related to this is the port which SSL runs on. I'll do some reading on S/MIME. Any other direction or tips would be great. Thanks.

      Comment


      • #4
        Re: Re: Re: pop3 over ssl

        Originally posted by uglyb0b
        II dont see any options within Merak relating to S/MIME.
        The S/MIME options would all be in your client. You basically would get an s/mime cert from your CA and use it for your email messages so they are encrypted during transfer. You want to use this when you only want the intended recipient to read the email. Otherwise it is vulnerable to being read by anyone. You would use the cert to sign your messages, and people that had your public key would be able to encrypt messages so only you can read them... all about the PKI :)


        Originally posted by uglyb0b
        In fact, the only thing I see related to this is the port which SSL runs on.
        You should see a wizard that would set up the certificate so you can use it for this purpose :) The manual for your mail server should have an example walkthrough.

        Comment


        • #5
          Wow...I didn't know there actually were people who really do use WinBoxes for mail servers. Next thing someone will tell me that there are actual people who use IIS as well....nah...some myths must stay alive.;)
          perl -e 'print pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'

          Comment


          • #6
            Originally posted by Chris
            Wow...I didn't know there actually were people who really do use WinBoxes for mail servers. Next thing someone will tell me that there are actual people who use IIS as well....nah...some myths must stay alive.;)
            ... you'd love this shirt :)


            i'd get it, but only if the color scheme was reversed :D

            you can pick one up here: http://www.interhemd.de/exchangemicrosoft.html

            Comment


            • #7
              Re: Re: Re: Re: pop3 over ssl

              Originally posted by blackwave
              You basically would get an s/mime cert from your CA and use it for your email messages so they are encrypted during transfer.
              Cool. I will start looking into it. Thanks for the help.

              Comment


              • #8
                Probably the #1 question asked at Defcon:

                How can I securely check my e-mail with my W95/98/2K machine on the LAN?

                Call your ISP an demand a secure site!

                Comment


                • #9
                  Originally posted by astcell
                  Probably the #1 question asked at Defcon:

                  How can I securely check my e-mail with my W95/98/2K machine on the LAN?

                  Call your ISP an demand a secure site!
                  Set up an SSH server at home. Configure Pine to check your Pop mail (if you must use pop). SSH into the box from away. Use Pine to check your mail.
                  perl -e 'print pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'

                  Comment


                  • #10
                    All that assumes that you have DSL or a permanent connection. Some of the kids at the con saved up all summer for a Pentium 133 laptop, they have nothing at home to VPN into.

                    Comment


                    • #11
                      Originally posted by astcell
                      All that assumes that you have DSL or a permanent connection. Some of the kids at the con saved up all summer for a Pentium 133 laptop, they have nothing at home to VPN into.
                      You can always make sure you do by paying for a service, or trying to reliably use some of the free ones that exist.... if you are on the move alot it is always nice knowing you have a more trusty system a few keystrokes away :)

                      Comment


                      • #12
                        Originally posted by astcell
                        All that assumes that you have DSL or a permanent connection. Some of the kids at the con saved up all summer for a Pentium 133 laptop, they have nothing at home to VPN into.
                        If they don't and their isp doesn't offer a secure alternative, I think www.hushmail.com offers free (but limited) accounts. Signup there and have your email forwarded for at least the duration of the conference.
                        "I may disagree with what you have to say, but I shall defend, to the death, your right to say it. -Voltaire"

                        Comment


                        • #13
                          Originally posted by Soybomb
                          If they don't and their isp doesn't offer a secure alternative, I think www.hushmail.com offers free (but limited) accounts. Signup there and have your email forwarded for at least the duration of the conference.
                          I love hushmail and have several premium accounts and a few free ones... they are constantly upgrading and adding new features.. which is cool when it is stable.. but it seems they don't have a full lab because sometimes their premium allocated mailserver1 is down, or the free mailserver3 always is crappy and you have to attempt to relogin and hope you get directed to mailserver2... anyway I LOVE IT and recommend it... but you have to put up with the java... some people bitch about it... bitch all you want.. they rule :)

                          Comment


                          • #14
                            Originally posted by Soybomb
                            If they don't and their isp doesn't offer a secure alternative, I think www.hushmail.com offers free (but limited) accounts. Signup there and have your email forwarded for at least the duration of the conference.
                            I know you can check your POP Mail from hotmail, if you pay, can you do that from hushmail? I think not.

                            Comment


                            • #15
                              Originally posted by astcell
                              I know you can check your POP Mail from hotmail, if you pay, can you do that from hushmail? I think not.
                              Yeah... Microsoft .NET Passport Hotmail having your external mail passwords... try saying that seriously.

                              Comment

                              Working...
                              X