Use Stunnel to Secure POP, IMAP and SMTP

I have been toying with running secure pop and smtp email of late for a few roaming users as well as myself. It has been quite simple to setup running on Postfix and largely moves toward securing the transaction of checking email (other than from a man in the middle attacks, somewhat unlikely).

The beauty is leveraging Stunnel – which allows one to configure your preferred mail server as you wish and simply intercept your secure ports (for example Port 995 for POP3s and 465 for SMTP). This may not be the way to tacke it for the large scale as one can build secure configurations into the mail server – though it has worked nicely on a small scale for me during testing.

A bonus to use of Stunnel is its indifference to what mail server one is running – and its sole dependence fortunately is on OpenSSL – which most of us have by default on our boxes.

Stunnel has a straightforward Man doc and some simple examples that will enable you to test quickly. Obviously insure your mail client handles SSL connections – fairly universal at this point.

I also had a bit of a dated HowTo in my links that serves up a more in-depth example. This article also addresses opening up iptables firewall ports, configuring xinetd and includes IMAP information.

Free book: Jump Start HTML5 Basics

Grab a free copy of one our latest ebooks! Packed with hints and tips on HTML5's most powerful new features.

  • Lachlan

    I use Putty or OpenSSH as a SOCKS5 proxy, which then automatically forwards the appropriate server ports to your application. This way all you have to open on the firewall is an SSH daemon. This is a marvelous technique for getting around restrictive firewalls too :)