Peter Palmreuther wrote:
On Wed, Feb 25, 2004 at 01:45:53PM -0500, Jeff Koch wrote:

I have started seeing stunnel processes owned by vpopmail in the process log. Can anyone explain what that's about? or should I be concerned?

vpopmail 6977 0.0 0.0 3272 848 ? S Feb19 0:00 /usr/sbin/stunnel -f -p /var/qmail/control/servercert.pem -l /var/qma


Probably POP, IMAP or SMTP over SSL. If you get a longer listing (ps auxwwwww) you'd probably see that it's qmail-popup or qmail-smtpd running.


Thanks. That's interesting. So we can do encrypted smtp and pop or imap sessions without bothering with PGP?


PGP does not encrypt a 'SMTP|POP3|IMAP4' /session/, but the /message
content/.
SSL in fact only encrypts the 'session', i.e. the transfer from
'client A to server B'.

PGP (& Co.) protects your mail from being read by /anybody/ without the proper
key, SSL protects your mail from being intercepted and read on transport
over an SSL encrypted path. This means: if you SSL connect to your primary
SMTP server your message is 'safe'. If this very server sends the mail
out using a not SSL protected connection anybody else can again read
it, if he somehow manages to fetch the packets.


Any idea which email clients support that?

There're some: "Lookout Quickly" can do, IIRC, so can 'The Bat!',
'Pocomail', 'Becky' and Eudora (to name the Windows fraction). Some of
them even can 'STARTTLS'. For *nix there are also a few: I know at least
about 'mutt' and 'Sylpheed', but I'm quite sure 'Evolution' has SSL
support as well, if not it's on the straight way to having it.

Forgot to mention the lovely ThunderBird, which runs on both Windows and Linux, BSD, Solaris, and many more. It's nice and fast, and easy to use.



SSL for mail issues at client side is not that uncommon anymore, albeit its use is rather limited. It can be of use if you send/receive your mail using an external SMTP/POP3/IMAP server and do not want your ISP to be able to read it.

For any unknown term or program: use Google to locate it or its meaning,
I'm too lazy to provide all applicable URLs. :-)
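
Added example, not part of the original thread: the per-hop nature of SSL described above can be checked on a delivered message by reading its Received headers. The sketch assumes every relay records the RFC 3848 "with" keywords (ESMTPS, ESMTPSA); the hosts and the sample message are constructed.

```python
import re
from email import message_from_string

# RFC 3848 "with" keywords that mean the hop was received over TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

# Constructed sample message (hypothetical example.* hosts), newest hop first.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.25])
\tby inbox.example.org with ESMTP id 3C; Wed, 25 Feb 2004 20:01:07 +0100
Received: from relay.example.com (relay.example.com [192.0.2.10])
\tby mx.example.net with ESMTPS id 2B; Wed, 25 Feb 2004 20:01:05 +0100
Received: from laptop.example.com (laptop.example.com [192.0.2.77])
\tby relay.example.com with ESMTPSA id 1A; Wed, 25 Feb 2004 20:01:02 +0100
From: alice@example.com
To: bob@example.org
Subject: constructed test message

body
"""

# "from <sender> ... by <receiver> ... with <protocol>" inside one Received header.
HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+(\S+)", re.S | re.I)

def audit_hops(raw_message):
    """Return [(sender, receiver, protocol, tls)] in the order the mail travelled."""
    msg = message_from_string(raw_message)
    hops = []
    for header in msg.get_all("Received", []):
        m = HOP_RE.search(header)
        if not m:
            hops.append(("?", "?", "?", False))  # unparseable: count as unprotected
            continue
        proto = m.group(3).rstrip(";").upper()
        hops.append((m.group(1), m.group(2), proto, proto in TLS_PROTOCOLS))
    return list(reversed(hops))  # each relay prepends its header, so reverse

def cleartext_hops(raw_message):
    """Hops on which the message crossed the network without TLS."""
    return [hop for hop in audit_hops(raw_message) if not hop[3]]

if __name__ == "__main__":
    for sender, receiver, proto, tls in audit_hops(SAMPLE):
        print(f"{sender} -> {receiver}: {proto} ({'TLS' if tls else 'cleartext'})")
```

In the sample the client-to-relay and relay-to-MX hops are protected, but the last hop is plain ESMTP, so the message was readable on that path. Received lines are written by each receiving server, so only those added by servers you trust are reliable evidence.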


