
11.5. Mail User Agents


There are scores of mail programs available under Red Hat Enterprise Linux. There are full-featured, graphical email client programs, such as Mozilla Mail or Ximian Evolution, as well as text-based email programs such as mutt.
The remainder of this section focuses on securing communication between the client and server.

11.5.1. Securing Communication

Popular MUAs included with Red Hat Enterprise Linux, such as Mozilla Mail, Ximian Evolution, and mutt, offer SSL-encrypted email sessions.
As with any other service whose traffic flows over a network unencrypted, important email information, such as usernames, passwords, and entire messages, may be intercepted and viewed by users on the network. Additionally, since the standard POP and IMAP protocols pass authentication information unencrypted, it is possible for an attacker to gain access to user accounts by collecting usernames and passwords as they are passed over the network.

11.5.1.1. Secure Email Clients

Most Linux MUAs designed to check email on remote servers support SSL encryption. To use SSL when retrieving email, it must be enabled on both the email client and server.
SSL is easy to enable on the client side; it is often done with the click of a button in the MUA's configuration window or via an option in the MUA's configuration file. Secure IMAP and POP have known port numbers (993 and 995, respectively) that the MUA uses to authenticate and download messages.
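
A client-side check for the point above, as an added example that is not part of the original guide: it scans a mutt configuration file for mail-server URLs and reports which accounts request an SSL session (imaps/pops, default ports 993 and 995) and which still use plain IMAP or POP. The sample muttrc, its hostnames and credentials, and the function name audit_muttrc are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# URL scheme -> (SSL from connect?, default port). 993 and 995 are the secure
# IMAP and POP ports; 143 and 110 are the cleartext defaults.
SCHEMES = {"imap": (False, 143), "pop": (False, 110),
           "imaps": (True, 993), "pops": (True, 995)}
URL_RE = re.compile(r"\b(?:imaps?|pops?)://[^\s\"']+")

# Constructed sample muttrc (hostnames and credentials are made up).
SAMPLE = """\
# personal accounts
set spoolfile="imaps://alice@mail.example.com/INBOX"
set folder="imap://alice@mail.example.com/"
set pop_host="pops://alice:hunter2@mail.example.com:9995"
# set pop_host="pop://old.example.com"
"""

def audit_muttrc(text):
    """Return (line_no, server, verdict) for each mail-server URL found."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0]  # ignore comments
        for url in URL_RE.findall(line):
            parts = urlsplit(url)
            secure, default_port = SCHEMES[parts.scheme]
            port = parts.port or default_port
            if not secure:
                verdict = "CLEARTEXT: no SSL session requested"
            elif port != default_port:
                verdict = f"SSL on non-standard port {port}: confirm server setup"
            else:
                verdict = "OK: SSL session"
            if parts.password:
                verdict += "; password stored in config file"
            server = f"{parts.scheme}://{parts.hostname}:{port}"
            findings.append((no, server, verdict))
    return findings

if __name__ == "__main__":
    for no, server, verdict in audit_muttrc(SAMPLE):
        print(f"line {no}: {server} -> {verdict}")
```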

11.5.1.2. Securing Email Client Communications

Offering SSL encryption to IMAP and POP users on the email server is a simple matter.
First, create an SSL certificate. This can be done in two ways: by applying to a Certificate Authority (CA) for an SSL certificate or by creating a self-signed certificate.

Warning

Self-signed certificates should be used for testing purposes only. Any server used in a production environment should use an SSL certificate granted by a CA.

To create a self-signed SSL certificate for IMAP, change to the /usr/share/ssl/certs/ directory and type the following commands as root:
rm -f imapd.pem
make imapd.pem
Answer all of the questions to complete the process.
To create a self-signed SSL certificate for POP, change to the /usr/share/ssl/certs/ directory, and type the following commands as root:
rm -f ipop3d.pem
make ipop3d.pem
Again, answer all of the questions to complete the process.

Important

Please be sure to remove the default imapd.pem and ipop3d.pem files before issuing each make command.

Once finished, execute the /sbin/service xinetd restart command to restart the xinetd daemon, which controls imapd and ipop3d.
Alternatively, the stunnel command can be used as an SSL encryption wrapper around the standard, non-secure daemons, imapd or pop3d.
The stunnel program uses external OpenSSL libraries included with Red Hat Enterprise Linux to provide strong cryptography and protect the connections. It is best to apply to a CA to obtain an SSL certificate, but it is also possible to create a self-signed certificate.
To create a self-signed SSL certificate, change to the /usr/share/ssl/certs/ directory, and type the following command:
make stunnel.pem
Again, answer all of the questions to complete the process.
Once the certificate is generated, it is possible to use the stunnel command to start the imapd mail daemon using the following command:
/usr/sbin/stunnel -d 993 -l /usr/sbin/imapd imapd
Once this command is issued, it is possible to open an IMAP email client and connect to the email server using SSL encryption.
To start pop3d using the stunnel command, type the following command:
/usr/sbin/stunnel -d 995 -l /usr/sbin/pop3d pop3d
For more information about how to use stunnel, read the stunnel man page or refer to the documents in the /usr/share/doc/stunnel-<version-number>/ directory, where <version-number> is the version number for stunnel.
© 2024 Red Hat, Inc.