On Wed, Feb 25, 2004 at 01:45:53PM -0500, Jeff Koch wrote:
>>> I have started seeing stunnel processes owned by vpopmail in the process
>>> log. Can anyone explain what that's about? or should I be concerned?
>>> vpopmail 6977 0.0 0.0 3272 848 ? S Feb19 0:00
>>> /usr/sbin/stunnel -f -p /var/qmail/control/servercert.pem -l /var/qma
>> Probably POP, IMAP or SMTP over SSL. If you get a longer listing (ps
>> auxwwwww) you'd probably see that it's qmail-popup or qmail-smtpd running.
> Thanks. That's interesting. So we can do encrypted smtp and pop or imap
> sessions without bothering with PGP?
PGP does not encrypt a 'SMTP|POP3|IMAP4' /session/, but the /message/.
SSL in fact does only encrypt the 'session', i.e. the transfer from
'client A to server B'.
PGP (& Co.) protects your mail from being read by /anybody/ without the proper
key, SSL protects your mail from being intercepted and read in transport
over an SSL-encrypted path. This means: if you connect to your primary
SMTP server over SSL, your message is 'safe'. If this very server sends the mail
out using a non-SSL-protected connection, anybody else can again read
it, if he somehow manages to fetch the packets.
> Any idea which email clients support that?
There're some: "Lookout Quickly" can do it, IIRC, so can 'The Bat!',
'Pocomail', 'Becky' and Eudora (to name the Windows fraction). Some of
them can even do 'STARTTLS'. For *nix there are also a few: I know at least
about 'mutt' and 'Sylpheed', but I'm quite sure 'Evolution' has SSL
support as well, if not it's on the straight way to having it.
SSL for mail issues at client side is not that uncommon anymore, albeit
its use is rather limited. It can be of use if you send/receive your
mail using an external SMTP/POP3/IMAP server and do not want your ISP to
be able to read it.
For any unknown term or program: use Google to locate it or its meaning,
I'm too lazy to provide all applicable URLs. :-)
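
The hop-by-hop point made in the reply above can be checked on a received message by reading its Received: headers. The following is an added example, not part of the original thread: it assumes the relaying servers mark TLS hops either with an RFC 3848 "with ESMTPS" style keyword or with a "(using TLSv1 ...)" / "(version=TLS...)" comment, and the host names, addresses and sample message are constructed.

```python
import re
from email import message_from_string

# "with" keywords that mark a TLS-protected hop (RFC 3848 and later registrations).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
                 "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA"}
WITH_RE = re.compile(r"\bwith\s+([A-Za-z0-9]+)", re.I)
FROM_RE = re.compile(r"^from\s+(\S+)", re.I)
BY_RE = re.compile(r"\bby\s+(\S+)", re.I)
# Some MTAs instead add a comment such as "(using TLSv1 ...)" or "(version=TLS1_2 ...)".
TLS_COMMENT_RE = re.compile(r"\((?:using\s+|version=)(?:TLS|SSL)v?[\d._]+", re.I)

# Constructed sample: client -> smtp (SSL), smtp -> mx (plain), mx -> mail (TLS).
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.20])
 (using TLSv1 with cipher DES-CBC3-SHA (168/168 bits))
 by mail.example.org (Postfix) with ESMTP id 4F2A1; Wed, 25 Feb 2004 20:01:07 +0100
Received: from smtp.example.com (smtp.example.com [192.0.2.10])
 by mx.example.net with SMTP; Wed, 25 Feb 2004 20:01:05 +0100
Received: from client.example.com (client.example.com [192.0.2.5])
 by smtp.example.com with ESMTPS; Wed, 25 Feb 2004 20:01:02 +0100
Subject: constructed test message

body
"""

def hop_report(raw_message):
    """Return [(from_host, by_host, encrypted)] in the order the mail travelled."""
    hops = []
    for value in message_from_string(raw_message).get_all("Received", []):
        flat = " ".join(value.split())  # unfold continuation lines
        frm, by = FROM_RE.search(flat), BY_RE.search(flat)
        encrypted = (any(p.upper() in TLS_PROTOCOLS for p in WITH_RE.findall(flat))
                     or bool(TLS_COMMENT_RE.search(flat)))
        hops.append((frm.group(1) if frm else "?", by.group(1) if by else "?", encrypted))
    hops.reverse()  # each server prepends its header, so the first hop is listed last
    return hops

def plaintext_hops(raw_message):
    """Hops with no TLS marker; headers are self-reported, so treat as 'not shown encrypted'."""
    return [(f, b) for f, b, enc in hop_report(raw_message) if not enc]

if __name__ == "__main__":
    for frm, by, enc in hop_report(SAMPLE):
        print(f"{frm} -> {by}: {'SSL/TLS' if enc else 'PLAINTEXT'}")
```
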