8.11. Securing POP/IMAP with SSL and Pine
Problem
You want to secure your POP or IMAP email session. Your mail client is pine, and your mail server supports SSL.
Solution
Test whether you can use STARTTLS, as explained in SSL for Securing Mail:
$ pine -inbox-path='{mail.server.net/user=fred/protocol
}'
replacing protocol
with either
pop
or imap
as desired. One
of three outcomes will occur:
You get no connection. In this case, you cannot use STARTTLS; move on and try SSL-port, below.
You get a connection, but the login prompt includes the word
INSECURE
:HOST: mail.server.net (INSECURE) ENTER LOGIN NAME [fred] :
In this case, you again cannot use STARTTLS; move on and try SSL-port, below.
You get a connection and the login prompt does not say
INSECURE
. In this case, congratulations, you have a secure mail connection. You are done.
If you could not use STARTTLS as shown, try the SSL-port method:
$ pine -inbox-path='{mail.server.net/user=fred/protocol
/ssl}'
again replacing protocol
with either
pop
or imap
as appropriate.
To ensure you have a secure connection (i.e., to forbid
pine to engage in weak authentication, unless
it’s over a secure connection), add
/secure
to your inbox-path
.
For example:
$ pine -inbox-path='{mail.server.net/user=fred/imap/secure}'
If none of this works, your ISP does not appear to support IMAP over SSL in any form; try SSH instead. [Recipe 8.16]
Discussion
You might be able to simplify the mailbox specifications; for instance:
{mail.server.net/user=fred/imap}
could be simply ...
Get Linux Security Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.