POP3 is a protocol that provides remote access to a user's email. It runs on port 110, and its traffic is sent in the clear. In order to offer some degree of privacy

[user@host ~]$ su -
[root@host ~]# cd /etc/stunnel/
[root@host stunnel]# vi stunnel.conf
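    ; certificate and key file generated below with openssl
    cert = /etc/stunnel/mail.pem
    ; drop privileges and confine the daemon
    chroot = /var/chroot/stunnel
    setuid = nobody
    setgid = nogroup
    ; pid path is relative to the chroot directory
    pid = /stunnel.pid

    ; TLS listener on 995, forwarded to the local POP3 daemon on 110
    [pop3s]
    accept = 995
    connect = 110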
[root@host stunnel]# openssl req -new -days 365 -nodes -x509 -config stunnel.cnf \
    -out mail.pem -keyout mail.pem
Loading 'screen' into random state - done
Generating a 1024 bit RSA private key
writing new private key to 'stunnel.pem'
You are about to be asked to enter information that will be incorporated into
    your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [US]:US
State or Province Name (full name) [Some-State]:State
Locality Name (eg, city) []:City
Organization Name (eg, company) []:Company

Organizational Unit Name (eg, section) []:Section
Common Name (eg, YOUR name) []:mailserver.domain.com
Email Address []:postmaster@domain.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@host stunnel]# chmod 600 mail.pem
[root@host stunnel]# gnu-pop3d -p 110 &
[root@host stunnel]# stunnel &
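
A small check for the stunnel.conf built above, as an added example that is not part of the original post: it parses the file and reports settings that would undo the hardening (no chroot or privilege drop, a listener outside a named service section, or a backend that is not on loopback, which would put the cleartext POP3 leg back on the network). The two sample configurations are constructed; the audit function, its messages and the [pop3s] section name are assumptions of this example.

```python
import re

# Constructed samples modelled on this page's settings; 192.0.2.10 is a documentation IP.
WEAK_CONF = """\
cert = /etc/stunnel/mail.pem
accept = 995
[pop3s]
connect = 192.0.2.10:110
"""
HARDENED_CONF = """\
cert = /etc/stunnel/mail.pem
chroot = /var/chroot/stunnel
setuid = nobody
setgid = nogroup
pid = /stunnel.pid
[pop3s]
accept = 995
connect = 110
"""
LOOPBACK = ("", "localhost", "127.0.0.1")  # no host given: stunnel uses localhost

def parse(text):
    """Split stunnel.conf text into global options and per-service options."""
    glob, services, current = {}, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in ";#":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:                            # start of a [service] section
            current = services.setdefault(header.group(1), {})
            continue
        key, _, value = line.partition("=")
        (glob if current is None else current)[key.strip()] = value.strip()
    return glob, services

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    glob, services = parse(text)
    findings = [f"global: {opt} not set"
                for opt in ("chroot", "setuid", "setgid") if opt not in glob]
    findings += [f"global: {opt} outside a [service] section"
                 for opt in ("accept", "connect") if opt in glob]
    for name, opts in services.items():
        host = opts.get("connect", "").rpartition(":")[0]
        if host not in LOOPBACK:              # plaintext POP3 would cross the network
            findings.append(f"[{name}]: cleartext leg leaves this host ({host})")
    return findings

if __name__ == "__main__":
    print({"weak": audit(WEAK_CONF), "hardened": audit(HARDENED_CONF)})
```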


One Response to “Secure POP3”

  1. xsyntrex Says:

    I updated the post to fix a couple of mistakes and an omission.
