SSL encrypted POP sessions ..how?

[rpmws]

SSL encrypted POP sessions ..how? I have several clienst that have asked about this. Seems like a good idea and a bunch of the email clients seem to support some form of it. Is this even possible on a cpanel server? How does it work? anyone know enough about this to share with me?

Thanks in advance

[Juanra]

I think all you have to do is tell your mail client to use it. For example in Outlook Express you have to edit the account's advanced options.

Locate startstunnel in your server, the secure ports should be configured in that file.

I hope someone will correct me if I'm wrong...

[rpmws]

Ok ..I do see that file and I also see references to ports 110 and port 25. I just tried Outlook and get a SSL no socket error. Is there comething else I need to do to make this work client side perhaps?

[rpmws]

OK... figured it out. NOC is blocking port 465 and 995 so I used a test port that they have open. I changed the pop port in stunel restarted cpanel and it works great!! It warned me about the cert and after I accepted it works like a charm. I do still have a concern. What if a packet watcher snorts your pop user and password? the SSL message wouldn't mean anything right? they could login the same way right? How can we make it work with &Secure Password Auth? any ideas?

[rpmws]

Well actually if they got the password they could login using regular pop without SSL. However I now believe that this SSL starts before the password is passed. At least it seems that way with Outlook Express .Everything is done through the required port. It seems that SPA is just a way to encrypt the password ? is this correct?

[rpmws]

Another thing Outlook Express will do is warn you everytime you restart Outlook Express that the cert doesn't match the domain. It does thsi because &mail.somedomain.com& isn't the same as the master cert we use for cpanel. So what I have is a real cert I use for cpanel and it is for &server.myservermaindomain.com& . What I am doing is using server.myservermaindomain.com instead of &mail.eachdomain.com& in Outlook server settings and now I don't get the warning box everytime I start OE. Anyone see a problem doing it this way?

Thanks!!!