Secure email

Kristoffer Ekelund e7ke at
Fri Jun 1 14:44:01 PDT 2001

On Fri, 1 Jun 2001, Ben wrote:

> Remember the following:
> The second you use a plaintext service, your system is just as vulnerable
> as if it uses telnet instead of ssh!
> So, if you're going to have a bunch of users, and want them to ssh in, and
> just let them use regular pop3 or imap to transfer mail, it's sort of
> illogical.

Yes, this was exactly what I was thinking...

> I'd recommend using stunnel, since it has an easy-to-use windoze client.
> You can probably make some vb macro to put on their desktop to forward a
> local port to your remote port, for pop3 or imap.

Ok, stunnel looks a tad complicated, but I'll look into it. It doesn't
look like a very elegant solution though. Not to me anyway... Are there
really no encrypted protocols for retriveing mail?

> Also, keep in mind that, if you set up a smtp server, you have to deal
> with rcpthosts and spam prevention and all sorts of other fun stuff. A
> good way of authorizing ip's to be able to relay mail is with pop3 auth. I
> know there's a patch for qmail that does this. I'm sure there's one for
> postfix, too. Qmail and postfix are really good choices for secure
> (against cracking) smtp servers. check out for all sorts of fun
> qmail stuff, and for the schtick on stunnel.
> Also, if you want REALLY good encryption, just have your clients use
> pgp/gpg, or maybe s/mime. That's not as user-friendly, and isn't worth it
> if all you're concerned with is password cloaking.

Password cloaking would be what I'm after in this setup. But that has
never stopped my curiosity, do you have any links relevant to encrypting
with pgp/gpg (assuming that you don't just mean encrypting the contents of
the e-mails becuase I know how to do that).

> Regards,
> ben


Read, think, spread!

Unsubscribe: send email to lfs-security-request at
and put unsubscribe in the subject header of the message

More information about the lfs-security mailing list