FYI: How to check an SSL pop3 email account

249 views
Skip to first unread message

Rosewood

unread,
Jan 6, 2004, 1:49:51 AM1/6/04
to
Earlier I asked how I can use the Exchange POP connector
to check pop3 email servers that use SSL encryption. It
turns out that the Exchange POP Connector can not by
default.

This is VERY Sad since pop3 is a non-encrypted protocol!
However, there is a very easy solution. I wish I knew a
better place to share this information so if you know of
another group that would benefit from this information
please let me know!

1: http://www.stunnel.org/download/binaries.html -
download the latest binary of Stunnel. This program is
what handles the SSL translation for you. Download this
to something like C:\stunnel

2:
http://umn.dl.sourceforge.net/sourceforge/gnuwin32/openssl-
0.9.7c-bin.exe download and install - this gives you the
ssl dlls that you need. You will need to then copy
C:\Program Files\GnuWin32\bin\*.dll to C:\windows\system32

3: next you need to create a file in C:\stunnel called
stunnel.conf and in this file you need the following
settings:

client=YES
service=servicename1

[servicename1]
accept = 127.0.0.1:111
connect = pop3.mailserver.net:995

--end of config--
You can change the port at the end of 127.0.0.1 to
whatever you want. Change the pop3 part to whatever your
pop3 server is and 995 to whatever port - but 995 is the
norm.

Save the config and start up stunnel. You should have a
little icon in your system tray.

Voila, now point your mail client or your mail connector
to 127.0.0.1:111 or whatever port you specified and the
SSL connection is seemless.

Enjoy your much more SECURE email now.

Btw, you can use stunnell.exe -help to find out how to
start this as a system service :)

Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]

unread,
Jan 6, 2004, 2:38:54 AM1/6/04
to
Email is pretty non encrypted in general, pop or no pop.

If you are that concerned... forget pop period and do SMTP and encrypt
your email with digital certs.

But thanks for the info.

--
http://www.sbslinks.com/really.htm

Rosewood

unread,
Jan 6, 2004, 3:04:34 AM1/6/04
to
The problem is getting EVERYONE around you to do the same
thing. This is okay in a business to set this type of
requirement but it will take a lot of work to get everyone
to encrypt their email

So, the next best thing is to make sure that when you
download email from a pop3 server, you are using an SSL
connection. Quite a few people use pop3 servers that have
SSL encryption and its a very good thing! If it was not
used, Outlook and every other mail client would not have
an SSL option. SSL is very handy -- heck, httpS(sl) --
right?

However, the POP3 connector in Exchange doesnt know what
to do with a pop3 server that is encrypted via SSL. So,
now we can get around that limitation fairly easily!

Its a good thing to keep in your back pocket... I just
wish I had a better place to share this information :(

>.
>

Sam

unread,
Jan 6, 2004, 4:42:23 AM1/6/04
to
Dear Rosewood,

Yes I love the solution you posted here, although I think that most (if not
all) emails before arriving your POP3 maibox are in clear text over the
internet.

However, your solution is excellent for use to securely collect emails
between 2 offices : 1 with Exchange 2003 and the other one belong to a
highly secure department with internal Secure POP3 server.

Best regards,

Sam


"Rosewood" <rose...@nospam.shackmail.com> wrote in message
news:074a01c3d42b$b9039d90$a401...@phx.gbl...

Reply all
Reply to author
Forward
0 new messages