Using SSL with Snowbox
Secure connections to snowbox are possible by using the universal SSL wrapper “Stunnel”. There are probably other methods, but this document describes a setup via stunnel. Connections have been tested and work without problems from Mozilla Thunderbird, Apple's Mail.app, iPhone Mail and Outlook Express/2003/2007. In these applications, check the box that enables SSL or TLS and use port 995, on which we will enable the listener. This is the default pop3s port, which has been deprecated in favour of STARTTLS on the default port, but works perfectly nonetheless.
Required Software
Install stunnel, either by downloading the source from stunnel.org or by using the package provided by your operating system. The packages from Debian Lenny, installed by “apt-get install stunnel4”, and Fedora, installed by “yum install stunnel”, work just fine.
Configuration
You will need an X.509 certificate to use encryption. Most likely you will use a self-signed certificate. Take a look at this very nice howto if you need to create a self-signed certificate. Stunnel accepts both the cert/key combination and the combined .pem format, which are both mentioned there. Add the file to the corresponding sections in stunnel's config file.
After that uncomment or add the following lines to stunnel.conf:
[pop3s]
accept = 995
connect = 110
Set “client = no” if it is set to “yes”. You can leave the rest of the config alone.
Enable stunnel via “/etc/init.d/stunnel4 start” (Debian) or “service stunnel start” on a Fedora system.
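As an added example (not part of the original document or of stunnel itself), the following Python script checks a stunnel.conf for the settings this section relies on: a certificate, “client = no”, and a [pop3s] service that accepts on 995 and connects to 110. The sample configuration and the certificate path in it are constructed for illustration.

```python
# Added example: sanity-check a stunnel.conf for the POP3S setup described above.
# SAMPLE_CONF is constructed for illustration; the cert path is a placeholder.
SAMPLE_CONF = """\
; constructed sample, not a real deployment
cert = /etc/stunnel/mail.pem
client = yes

[pop3s]
accept = 995
connect = 110
"""

def parse_stunnel_conf(text):
    """Return (global_options, {service: options}); services inherit global options."""
    global_opts, services, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1].strip(), {})
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue                            # not a "key = value" line
        target = global_opts if current is None else current
        target[key.strip().lower()] = value.strip()
    merged = {name: {**global_opts, **opts} for name, opts in services.items()}
    return global_opts, merged

def check_pop3s(text, service="pop3s"):
    """Return a list of problems that would stop the wrapper working as described."""
    _, services = parse_stunnel_conf(text)
    if service not in services:
        return [f"section [{service}] is missing or still commented out"]
    opts, problems = services[service], []
    if opts.get("client", "no").lower() == "yes":
        problems.append("client = yes: stunnel would act as a TLS client, set client = no")
    if "cert" not in opts:
        problems.append("no cert configured: server mode needs a certificate")
    if opts.get("accept", "").rsplit(":", 1)[-1] != "995":
        problems.append("accept is not port 995 (pop3s)")
    if opts.get("connect", "").rsplit(":", 1)[-1] != "110":
        problems.append("connect does not point at port 110 (snowbox)")
    return problems

if __name__ == "__main__":
    for problem in check_pop3s(SAMPLE_CONF) or ["configuration looks consistent"]:
        print(problem)
```

Run against the sample, it reports the leftover “client = yes”; after that line is changed to “client = no” it reports nothing.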
Test it
That should do the trick. The following will now happen behind the scenes: mail clients will connect to port 995 and start an encrypted channel. Once that has been established they start the pop3 handshake. Stunnel will forward the connection internally and connect to the local port 110 where snowbox waits for client connections.
It's probably a slight overhead, but on today's or even yesterday's servers it's a non-issue. Plus, stunnel's code is well tested and solid and follows the Unix principle. You have two programs that do two different things, and once you combine them, they do something else. :^)