Pegasus Mail (POP3) and SSL HOWTO

Stop the Presses! Pegasus Mail versions 4.11 and greater now support SSL internally, the following instructions are now deprecated. However, they're still valid for people using versions previous to 4.1.

Background: In June of 2001, the University of Washington began requiring secure software. A Great Idea, but very little guidance is given for software outside of the UWICK. My preferred mail client is Pegasus Mail, but it doesn't natively support SSL (pre-4.1). The guide is tailored towards the UW, but is easily adaptable to other ISPs. As a free bonus, I've added instructions for using the UW's NNTP server with ssltunnel.


Important note: Sending mail ouside of the UW from a non-UW connection remains impossible, even with a secure connection.

Table of contents

Gathering Software

The required pieces of the puzzle are:

Setup

stunnel setup

What is stunnel? Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. In accordance to its Unix roots, the Windows port of stunnel is a bare-bones console program. No fancy bells, whistles, or help files. Just 38K of text, text, and more text.

  1. Download the latest 3.X Windows binary. Massive changes in version 4 are not documented.

  2. Download the two pre-compiled SSL libraries (near the bottom of the page with the stunnel binary) into the windows/system/ or winnt/system32/ directory.

  3. Drop to an MS-DOS box (command prompt), change to the Pegasus Mail directory, and execute this command:

You should see something similar to:

2001.11.27 18:48:17 LOG5[16362823:16463459]: Using 'Your.UW.NetID.deskmail.washington.edu.995' as tcpwrapper service name
2001.11.27 18:48:18 LOG5[16362823:16463459]: stunnel 3.22 on x86-pc-mingw32-gnu WIN32 with OpenSSL 0.9.6b 9 Jul 2001
2001.11.27 18:48:18 LOG5[16362823:16463459]: FD_SETSIZE=4096, file ulimit=-1 (unlimited) -> 2000 clients allowed

Congratulations, you've created a SSL tunnel

Minimize the window and continue to the next step.

Pegasus Mail setup

Setup is simple on the Pegasus side (screenshots are from version 3.12c, options might differ in the 4.x versions):

Netconfig

 

1) Open up the Network Configuration screen (File -> Network Configuration).
POP3

 

2) Switch the tab to "Receiving (POP3)", change the POP3 host to localhost.

 

3) Under the "Sending (SMTP)" tab check the "Use the e-mail address I supplied for the SMTP envelope"

You're done! Try retrieving some mail.


Note: Even with the secure connection mail can not be sent to a non-UW address from a non-UW IP address:

Due to abuse of the UW email server systems by people relaying junk email we were forced to disallow relay of email unless the sender is directly connected to the UW network or if the recipient's address on the message is at the UW.

One Of These Days the UW will get around to enabling authenticated SMTP services. Until then, either dial-in to the modem pool, use SSH, or use your non-UW ISP as the outgoing mailhost.


Using

I written two small batch files to simplify the stunnel process. The files assume that stunnel and the file reside in the same directory as Pegasus Mail.
  1. stunnel + Pegasus Mail
  2. stunnel only

Or download this ZIP file with both batch files.

If you get annoyed at the stunnel box taking up room in the taskbar, download TrayIt!, a great freeware application that sends (almost) any window to the system tray.

Links


Last updated: 30 April 03
Questions/Comments
Return Home