The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SSL encrypted POP sessions ..how?

Discussion in 'General Discussion' started by rpmws, May 11, 2002.

  1. rpmws

    rpmws Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    1,824
    Likes Received:
    5
    Trophy Points:
    38
    Location:
    back woods of NC, USA
    SSL encrypted POP sessions ..how? I have several clienst that have asked about this. Seems like a good idea and a bunch of the email clients seem to support some form of it. Is this even possible on a cpanel server? How does it work? anyone know enough about this to share with me?

    Thanks in advance :)
     
  2. Juanra

    Juanra Well-Known Member

    Joined:
    Sep 22, 2001
    Messages:
    777
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Spain
    I think all you have to do is tell your mail client to use it. For example in Outlook Express you have to edit the account's advanced options.

    Locate startstunnel in your server, the secure ports should be configured in that file.

    I hope someone will correct me if I'm wrong...
     
  3. rpmws

    rpmws Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    1,824
    Likes Received:
    5
    Trophy Points:
    38
    Location:
    back woods of NC, USA
    Ok ..I do see that file and I also see references to ports 110 and port 25. I just tried Outlook and get a SSL no socket error. Is there comething else I need to do to make this work client side perhaps?
     
  4. rpmws

    rpmws Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    1,824
    Likes Received:
    5
    Trophy Points:
    38
    Location:
    back woods of NC, USA
    OK... figured it out. NOC is blocking port 465 and 995 so I used a test port that they have open. I changed the pop port in stunel restarted cpanel and it works great!! It warned me about the cert and after I accepted it works like a charm. I do still have a concern. What if a packet watcher snorts your pop user and password? the SSL message wouldn't mean anything right? they could login the same way right? How can we make it work with &Secure Password Auth? any ideas?
     
  5. rpmws

    rpmws Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    1,824
    Likes Received:
    5
    Trophy Points:
    38
    Location:
    back woods of NC, USA
    Well actually if they got the password they could login using regular pop without SSL. However I now believe that this SSL starts before the password is passed. At least it seems that way with Outlook Express .Everything is done through the required port. It seems that SPA is just a way to encrypt the password ? is this correct?
     
  6. rpmws

    rpmws Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    1,824
    Likes Received:
    5
    Trophy Points:
    38
    Location:
    back woods of NC, USA
    Another thing Outlook Express will do is warn you everytime you restart Outlook Express that the cert doesn't match the domain. It does thsi because &mail.somedomain.com& isn't the same as the master cert we use for cpanel. So what I have is a real cert I use for cpanel and it is for &server.myservermaindomain.com& . What I am doing is using server.myservermaindomain.com instead of &mail.eachdomain.com& in Outlook server settings and now I don't get the warning box everytime I start OE. Anyone see a problem doing it this way?

    Thanks!!!
     
Loading...

Share This Page