POP3 is a protocol that provides remote access to a user's email. It runs on port 110, and its traffic is sent in the clear. In order to offer some degree of privacy

[user@host ~]$ su -
Password:
[root@host ~]# cd /etc/stunnel/
[root@host stunnel]# vi stunnel.conf
    cert = /etc/stunnel/mail.pem
    chroot = /var/chroot/stunnel
    setuid = nobody
    setgid = nogroup
    pid = /stunnel.pid

    [gnu-pop3d]
    accept = 995
    connect = 110
[root@host stunnel]# openssl req -new -days 365 -nodes -x509 -config stunnel.cnf \
    -out mail.pem -keyout mail.pem
Loading 'screen' into random state - done
Generating a 1024 bit RSA private key
..++++++
.........++++++
writing new private key to 'stunnel.pem'
-----
You are about to be asked to enter information that will be incorporated into
    your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:US
State or Province Name (full name) [Some-State]:State
Locality Name (eg, city) []:City
Organization Name (eg, company) []:Company

Organizational Unit Name (eg, section) []:Section
Common Name (eg, YOUR name) []:mailserver.domain.com
Email Address []:postmaster@domain.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@host stunnel]# chmod 600 mail.pem
[root@host stunnel]# gnu-pop3d -p 110 &
[root@host stunnel]# stunnel &
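
A configuration check for the setup above, as an added example that is not part of the original post: it parses stunnel.conf and reports a cert path that does not exist, a key file readable beyond its owner (the reason for the chmod 600), a missing privilege drop or chroot, and a connect target that would carry cleartext POP3 off the host. The function names are hypothetical, and it assumes full-line ';' or '#' comments and a cert path readable from where the script runs.

```python
import os
import stat

# A connect value without a host part (e.g. "110") targets the local machine.
LOOPBACK = {"", "localhost", "127.0.0.1", "::1"}

def parse_stunnel_conf(text):
    """Split stunnel.conf text into global options and per-service options."""
    glob, services, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":        # blank line or comment (assumed syntax)
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], {})
            continue
        key, _, value = line.partition("=")
        (glob if current is None else current)[key.strip()] = value.strip()
    return glob, services

def audit(text):
    """Return a list of findings for a config shaped like the one above."""
    glob, services = parse_stunnel_conf(text)
    findings = []
    cert = glob.get("cert")
    if not cert or not os.path.isfile(cert):
        findings.append(f"cert file missing: {cert}")
    else:
        with open(cert, errors="replace") as fh:
            has_key = "PRIVATE KEY-----" in fh.read()   # key and cert share one PEM file
        mode = stat.S_IMODE(os.stat(cert).st_mode)
        if has_key and mode & 0o077:                    # any group/other permission bit
            findings.append(f"{cert} holds a private key but mode is {mode:o}")
    for opt in ("setuid", "setgid"):
        if glob.get(opt, "root") in ("root", "0"):
            findings.append(f"{opt} is unset or privileged")
    if "chroot" not in glob:
        findings.append("no chroot configured")
    for name, opts in services.items():
        host = opts.get("connect", "").rpartition(":")[0]
        if host not in LOOPBACK:                        # POP3 behind the tunnel is cleartext
            findings.append(f"[{name}] cleartext leg leaves the host: {opts['connect']}")
    return findings

if __name__ == "__main__":      # usage: python3 audit.py /etc/stunnel/stunnel.conf
    import sys
    print("\n".join(audit(open(sys.argv[1]).read())) or "no findings")
```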


One Response to “Secure POP3”

  1. xsyntrex Says:

    I updated the post to fix a couple of mistakes and an omission.
