SSL encrypted POP sessions ..how?

rpmws

Well-Known Member
Aug 14, 2001
1,822
9
318
back woods of NC, USA
I have several clients that have asked about this. Seems like a good idea, and a bunch of the email clients seem to support some form of it. Is this even possible on a cpanel server? How does it work? Anyone know enough about this to share with me?

Thanks in advance :)
 

rpmws

Ok... I do see that file and I also see references to ports 110 and port 25. I just tried Outlook and get a SSL no socket error. Is there something else I need to do to make this work client side perhaps?
 

rpmws

OK... figured it out. NOC is blocking port 465 and 995 so I used a test port that they have open. I changed the pop port in stunnel, restarted cpanel and it works great!! It warned me about the cert and after I accepted it works like a charm. I do still have a concern. What if a packet watcher snorts your pop user and password? The SSL message wouldn't mean anything, right? They could login the same way, right? How can we make it work with "Secure Password Auth"? Any ideas?
 

rpmws

Well actually if they got the password they could login using regular pop without SSL. However I now believe that this SSL starts before the password is passed. At least it seems that way with Outlook Express. Everything is done through the required port. It seems that SPA is just a way to encrypt the password? Is this correct?
 

rpmws

Another thing Outlook Express will do is warn you every time you restart Outlook Express that the cert doesn't match the domain. It does this because "mail.somedomain.com" isn't the same as the master cert we use for cpanel. So what I have is a real cert I use for cpanel and it is for "server.myservermaindomain.com". What I am doing is using server.myservermaindomain.com instead of "mail.eachdomain.com" in Outlook server settings and now I don't get the warning box every time I start OE. Anyone see a problem doing it this way?

Thanks!!!
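
The name check behind the warning described in the last post, as an added example that is not part of the original thread: a mail client compares the server name typed into its settings with the DNS names in the certificate and warns when none match. The certificate contents are constructed from the host names used in the post, the function names are hypothetical, and the wildcard handling (not raised in the thread) follows the usual leftmost-label rule.

```python
# Added example (not from the thread): which server names in a mail client's
# settings are covered by the certificate the POP3-over-SSL listener presents.

def name_matches(pattern: str, host: str) -> bool:
    """Compare one certificate DNS name with the host the client connects to.
    A '*' is honoured only as the entire leftmost label and covers one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or not all(h):
        return False
    if p[0] == "*":
        # Require at least two fixed labels so "*.com" never matches anything.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def cert_covers(cert: dict, host: str) -> bool:
    """cert uses the dict layout returned by ssl.SSLSocket.getpeercert()."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        # Fall back to the subject commonName only when no DNS SAN is present.
        names = [v for rdn in cert.get("subject", ())
                 for k, v in rdn if k == "commonName"]
    return any(name_matches(n, host) for n in names)

# Constructed certificate: issued for the server's main host name only.
SERVER_CERT = {
    "subject": ((("commonName", "server.myservermaindomain.com"),),),
    "subjectAltName": (("DNS", "server.myservermaindomain.com"),),
}

def check_client_settings(hosts, cert=SERVER_CERT):
    """Map each candidate 'incoming mail server' setting to True (no warning)
    or False (client shows a name-mismatch warning)."""
    return {h: cert_covers(cert, h) for h in hosts}

if __name__ == "__main__":
    settings = ["server.myservermaindomain.com", "mail.eachdomain.com"]
    for host, ok in check_client_settings(settings).items():
        print(f"{host:32} {'ok' if ok else 'name mismatch warning'}")
```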