You want to secure your POP or IMAP email session. Your mail client is mutt, and your mail server supports SSL.

If you want a POP connection, use SSL-port, since mutt does not support STARTTLS over POP. (See SSL for Securing Mail for definitions.)

$ MAIL=pops://fred@mail.server.net/   mutt

For an IMAP connection, test whether you can use STARTTLS:

$ MAIL=imap://fred@mail.server.net/   mutt

If this works, mutt will flash a message about setting up a “TLS/SSL” connection, confirming your success. If not, then try SSL-port:

$ MAIL=imaps://fred@mail.server.net/  mutt

If none of this works, your ISP does not appear to support IMAP over SSL in any form; try SSH instead. [Recipe 8.15]

Many SSL-related configuration variables in mutt affect its behavior; we are assuming the defaults here.

Mutt uses the systemwide trusted certificate list in /usr/share/ssl/cert.pem, which contains certificates from widely recognized Certifying Authorities, such as Verisign, Equifax, and Thawte. If this file does not contain a certificate chain sufficient to validate your mail server’s SSL certificate, mutt will complain about the certificate. It will then prompt you to accept or reject the connection. You can alter this behavior by setting:

               ~/.muttrc:
set certificate_file=~/.mutt/certificates

Now mutt will further offer to accept the connection either “once” or “always.” If you choose “always,” mutt will store the certificate in ~/.mutt/certificates ...