Secure Mail Access

Currently, there are three methods of accessing your email without sending your password in the clear for all the world to see. The simplest (and least supported) is Authenticated POP (APOP), this only secures your password and does not encrypt your email itself. The other two methods use the Secure Socket Layer (SSL) standard to transmit POP and IMAP data securely. They encrypt all information between your machine and the mail server and can therefore be relied upon for both security and privacy.

The following table shows various known mail clients and which secure access methods they support

APOPSSL-POPSSL-IMAP
Netscape MailNOunknownYES
Microsoft OutlookunknownYESYES
Outlook ExpressunknownYESYES
EudoraYESNONO
Simeonunknownunknownunknown
Mulberryunknownunknownunknown

Specifics - everything you never wanted to know about setting up secure email

Netscape with SSL-IMAP

This shouldn't require any changes on the mail server, so go to the PC, fire up Netscape and perform the following steps:

  1. Select the "Edit" menu from the menu bar.
  2. Select the "Preferences..." option. This will open up the "Netscape Preferences" popup window.
  3. Press the triangle to the side of the "Mail & Newsgroups" option. This should bring up a listing of mail and newsgroup choices.
  4. Select the "Mail Servers" option. This should show a listing of Incoming Mail Servers. Either "mail.ee.duke.edu" or "ee.duke.edu" should be an option here.
  5. Select the ECE department's mail server (either mail.ee.duke.edu or ee.duke.edu). The "Edit..." button to the right should now become selectable.
  6. Press the "Edit..." button. This will open a popup window.
  7. In the popup window, select the "IMAP" tab at the top of the window.
  8. The first option this shows is a checkbox labeled "Use secure connection. (SSL)" Select this checkbox.
  9. Select the "OK" button at the bottom of the popup window to save your changes and close the popup window.
  10. Select the "OK" button at the bottomw of the "Netscape Preferences" window to close this window.
  11. The next time Netscape checks for mail, it will use SSL. Unfortunately, since we are not paying one of the certificate signing authorities, our certificate will not be recognized by Netscape. However, you may still use the certificate for encrypting the traffic between your client and the mail server. Go through the various Netscape options stating that you want to accept this certificate, etc.
  12. That should be it.

Eudora with APOP

Okay, this is a multi-step process, bear with us.

First, log onto mail.ee.duke.edu (the mail server) - preferably with a SSH client. Execute the command: "popauth". This will prompt you to enter your MAIL password. Note that this should be different from your Unix password.

Once you have a mail password, you should be able to now use APOP for mail. So now, log onto your client machine and do the following:

Configuring Eudora to use APOP - Macintosh

  1. Select and set up an APOP password. This can be done using the "Change Password..." command in Eudora.
  2. Go to the Special Menu and choose "Change Password..." Enter your network/dialin password when prompted. Then enter your new APOP password. You will be prompted to enter it again for verification. Make sure you take note of your APOP password.
  3. In the Special Menu, choose "Settings".
  4. Select the "Checking Mail" icon in the left scroll menu. The subheading "Authentication Style" must be changed from "Passwords" to "APOP".

Configuring Eudora to use APOP - Windows

  1. Select and set up an APOP password. This can be done using the "Change Password..." command in Eudora.
  2. Go to the Special Menu and choose "Change Password..." Enter your network/dialin password when prompted. Then enter your new APOP password. You will be prompted to enter it again for verification. Make sure you take note of your APOP password.
  3. In the Tools Menu, choose "Options".
  4. Select the "Incoming" icon (in some versions of Eudora, it's "Checking Mail") in the left scroll menu. The subheading "Authentication Style" must be changed from "Passwords" to "APOP".

Microsoft Outlook and Outlook Express with SSL-POP

This requires no changes on the mail server. Simply open up your mail client on the PC and perform the following steps:

  1. Open the "Tools" menu on the menubar.
  2. Select the "Accounts..." option. This will open a Popup window called "Internet Accounts"
  3. In the window, there will be a listing of the mail servers you use. One should be mail.ee.duke.edu (or ee.duke.edu). Select this account.
  4. After selecting the account, some of the buttons to the right should now be selectable. Hit the button marked "Properties". This should bring up a new popup window called "mail.ee.duke.edu Properties" (or "ee.duke.edu Properties" depending on your configuration).
  5. In the "Properties" popup window, select the tab near the top of the window marked "Advanced"
  6. Under the "Incoming Mail (POP3)" heading, select the checkbox labeled "Server requires secure connection (SSL)". After selecting this, the port listed for mail should change from 110 to 995.
  7. You do not need to configure "Secure Outgoing Mail". This would actually add little benefit as no passwords are sent, and only the link between you and ECE would be encrypted.
  8. Select the "Okay" button at the bottom of the "Properties" window. This will close the "Properties" popup.
  9. Select the "Close" button at the bottom of the Internet Accounts window.
  10. That's all.

Microsoft Outlook and Outlook Express with SSL-IMAP

This requires no changes on the mail server. Simply open up your mail client on the PC and perform the following steps:

  1. Open the "Tools" menu on the menubar.
  2. Select the "Accounts..." option. This will open a Popup window called "Internet Accounts"
  3. In the window, there will be a listing of the mail servers you use. One should be mail.ee.duke.edu (or ee.duke.edu). Select this account.
  4. After selecting the account, some of the buttons to the right should now be selectable. Hit the button marked "Properties". This should bring up a new popup window called "mail.ee.duke.edu Properties" (or "ee.duke.edu Properties" depending on your configuration).
  5. In the "Properties" popup window, select the tab near the top of the window marked "Advanced"
  6. Under the "Incoming Mail (IMAP)" heading, select the checkbox labeled "Server requires secure connection (SSL)". After selecting this, the port listed for mail should change from 143 to 993.
  7. You do not need to configure "Secure Outgoing Mail". This would actually add little benefit as no passwords are sent, and only the link between you and ECE would be encrypted.
  8. Select the "Okay" button at the bottom of the "Properties" window. This will close the "Properties" popup.
  9. Select the "Close" button at the bottom of the Internet Accounts window.
  10. That's all.

Help!

If you know anything about the items in the above table marked "unknown", please let us know.

Christopher E. Cramer, Ph.D.
Last modified: Sun Apr 23 13:26:13 EDT 2000