Recipe 8.12 Securing POP/IMAP with SSL and mutt
8.12.1 Problem
You want to secure your POP or IMAP email session. Your mail client is mutt, and your mail server supports SSL.
8.12.2 Solution
If you want a POP connection, use SSL-port, since mutt does not support STARTTLS over POP. (See SSL for Securing Mail for definitions.)
$ MAIL=pops://fred@mail.server.net/ mutt
For an IMAP connection, test whether you can use STARTTLS:
$ MAIL=imap://fred@mail.server.net/ mutt
If this works, mutt will flash a message about setting up a "TLS/SSL" connection, confirming your success. If not, then try SSL-port:
$ MAIL=imaps://fred@mail.server.net/ mutt
If none of this works, your ISP does not appear to support IMAP over SSL in any form; try SSH instead. [Recipe 8.15]
8.12.3 Discussion
Many SSL-related configuration variables in mutt affect its behavior; we are assuming the defaults here. Mutt uses the systemwide trusted certificate list in /usr/share/ssl/cert.pem, which contains certificates from widely recognized Certifying Authorities, such as Verisign, Equifax, and Thawte. If this file does not contain a certificate chain sufficient to validate your mail server's SSL certificate, mutt will complain about the certificate. It will then prompt you to accept or reject the connection. You can alter this behavior by setting:
~/.muttrc:
set certificate_file=~/.mutt/certificates
Now mutt will further offer to accept the connection either "once" or "always." If you choose "always," mutt will store the certificate in ~/.mutt/certificates and accept it automatically from then on. Be cautious before doing this, however: it allows a man-in-the-middle attack on the first connection. A far better solution is to add the appropriate, trusted issuer certificates to cert.pem.
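As an added example (not part of the original recipe), the script below probes the server over the same three connection styles the Solution tries in mutt and reports whether the certificate chain validates against cert.pem, so you can see the result before mutt ever prompts you. The function names and the CAFILE variable are assumptions of this example, and it checks the chain only, not that the certificate names the host.

```shell
#!/bin/sh
# Added example (not from the recipe): probe a mail server the way the three
# mutt URLs above would connect, and report whether the chain validates.
CAFILE=${CAFILE:-/usr/share/ssl/cert.pem}    # trusted list named in the recipe

# probe HOST SCHEME: print openssl s_client output for one connection style.
probe() {
    host=$1
    case $2 in
        imap)  set -- -connect "$host:143" -starttls imap ;;  # STARTTLS
        imaps) set -- -connect "$host:993" ;;                 # SSL-port
        pops)  set -- -connect "$host:995" ;;                 # SSL-port
        *)     echo "unknown scheme: $2" >&2; return 2 ;;
    esac
    openssl s_client "$@" -CAfile "$CAFILE" </dev/null 2>&1
}

# classify: read s_client output on stdin and print one of
#   trusted    the chain validates against CAFILE
#   untrusted  TLS works but the chain does not validate (mutt would prompt)
#   no-tls     no certificate was presented on this port
classify() {
    out=$(cat)
    # A failed handshake can still print "Verify return code: 0 (ok)", so the
    # absence of a peer certificate has to be checked first.
    if printf '%s\n' "$out" | grep -q 'no peer certificate available'; then
        echo no-tls; return 0
    fi
    code=$(printf '%s\n' "$out" |
        sed -n 's/^ *Verify return code: \([0-9][0-9]*\) .*/\1/p' | head -n 1)
    if [ -z "$code" ]; then echo no-tls
    elif [ "$code" -eq 0 ]; then echo trusted
    else echo untrusted
    fi
}

# Runs only when a host is given, e.g.: sh check-mail-tls.sh mail.server.net
# (the script name is hypothetical).
if [ "$#" -ge 1 ]; then
    for scheme in imap imaps pops; do
        printf '%s://%s: %s\n' "$scheme" "$1" "$(probe "$1" "$scheme" | classify)"
    done
fi
```

An "untrusted" result is the case where the issuer certificate should be obtained from a source you trust and added to cert.pem, rather than answering "always" at mutt's prompt.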
8.12.4 See Also
mutt(1).