Installation guide

ManualsBrandsPythonQ ManualsIndustrial248-8XX

221

222

223

224

225

226

227

228

229

230

226 Chapter 15. Email

15.6.2. Secure Email Servers

Offering SSL encryption to IMAP and POP users on the email server is almost as easy. Red Hat Linux

also includes the stunnel package, which is an SSL encryption wrapper that wraps around standard,

non-secure network trafﬁc for certain services and prevents interceptors from being able to "sniff" the

communication between client and server.

The stunnel program uses external SSL libraries, such as the OpenSSL libraries included with Red

Hat Linux, to provide strong cryptography and protect your connections. You can apply to a Certiﬁcate

Authority (CA) for an SSL certiﬁcate, or you can create a self-signed certiﬁcate to provide the beneﬁt

of the SSL encrypted communication.

To create a self-signed SSL certiﬁcate, change to the /usr/share/ssl/certs/ directory, type the

make stunnel.pem command, and answer the questions. Then, use stunnel to start the mail dae-

mon that you wish to use.

For example, the following command could be used to start the IMAP server included with Red Hat

Linux:

/usr/sbin/stunnel -d 993 -l /usr/sbin/imapd imapd

You should now be able to open an IMAP email client and connect to your email server using SSL

encryption. Of course, you will probably want to go a step further and conﬁgure your stunnel-

wrapped IMAP server to automatically start up at the correct runlevels.

For more information about how to use stunnel, read the stunnel man page or refer to the docu-

ments in the /usr/share/doc/stunnel-

version-number directory.

Alternatively, the imap package bundled with Red Hat Linux contains the ability to provide SSL

encryption on its own without stunnel. For secure IMAP connections, create the SSL certiﬁcate by

changing to the /usr/share/ssl/certs/ directory and running the make imapd.pem command.

Then, set the imapd service to start at the proper runlevels.

You can also use the ipop3 package bundled with Red Hat Linux to provide SSL encryption on its

own without stunnel.

15.7. Additional Resources

Many users initially ﬁnd email programs difﬁcult to conﬁgure, primarily due to the large number of

options available. Below is a list of additional documentation to help you properly conﬁgure your mail

applications.

15.7.1. Installed Documentation

• Information about how to conﬁgure Sendmail is included with the sendmail and sendmail-cf

packages.

• /usr/share/doc/sendmail/README.cf — Contains information on m4, ﬁle locations for

Sendmail, supported mailers, how to access enhanced features, and more.

• /usr/share/doc/sendmail/README — Contains information on the Sendmail directory

structure, IDENT protocol support, details on directory permissions, and the common problems

these permissions can cause if misconﬁgured.

In addition, the sendmail and aliases man pages contain helpful information covering various

Sendmail options and the proper conﬁguration of the Sendmail /etc/mail/aliases ﬁle, respec-

tively.