SSMTP + POP3S + POP Before SMTP Authentication in Outlook

So for quite some time I’ve been wanting to send and receive email with my mail server over purely encrypted methods using Outlook in Windows. Additionally, I didn’t really want any user accounts having cleartext passwords thrown around, so I finally managed some free time during off hours while my wife was at work, and was able to get everything working.

This isn’t a step-by-step introduction, guide, or FAQ, but a few things to point out…

First, for your pop3 stunnel configuration, be sure to set ‘transparent = yes’.

; or the path to your own pop3 daemon
exec = /usr/sbin/vm-pop3d
execargs = popa3d
transparent = yes

This makes your pop3 logs show the originating IP. With it off, the logs show 127.0.0.1, which isn’t what we want.

Second, be sure transparent is off for smtp’s config in stunnel and you’ve defined the protocol as smtp.

protocol = smtp
accept = 465
connect = 25

The xinetd services are fairly straightforward:
service smtps
{
    disable = no
    socket_type = stream
    wait = no
    user = root
    server = /usr/sbin/stunnel
    server_args = /etc/stunnel/stunnel.conf-smtp
    log_on_success += HOST DURATION
    log_on_failure += HOST
}

and

service pop-3
{
    socket_type = stream
    protocol = tcp
    wait = no
    user = root
    instances = 25
    server = /usr/sbin/vm-pop3d
    server_args = -D -i
    log_type = SYSLOG local4 info
    log_on_success = PID HOST EXIT DURATION
    log_on_failure = HOST ATTEMPT
}

Lastly, I downloaded and set up pop-before-smtp, http://popbsmtp.sourceforge.net/, and had it configured for my vm-pop3d daemon.
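Why the 'transparent = yes' setting above matters once POP-before-SMTP is in place, as an added sketch of the general idea (not code from pop-before-smtp or from this setup): relay permission is granted to whatever IP the POP3 log records for a successful login. The log format, the 30-minute window and the function names are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed log format for illustration; a real daemon's lines differ and
# need their own pattern.
LOGIN_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) pop3d\[\d+\]: "
    r"login ok user=(?P<user>\S+) ip=(?P<ip>\d{1,3}(?:\.\d{1,3}){3})$"
)
GRACE = timedelta(minutes=30)  # assumed relay window after a POP3 login


def relay_table(log_lines):
    """Map client IP -> time at which its relay permission expires."""
    table = {}
    for line in log_lines:
        m = LOGIN_RE.match(line.strip())
        if not m:
            continue  # failed logins and unrelated lines never grant relay
        expires = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S") + GRACE
        table[m["ip"]] = max(table.get(m["ip"], expires), expires)
    return table


def may_relay(table, ip, now):
    """True if this IP logged in over POP3 recently enough to relay."""
    expires = table.get(ip)
    return expires is not None and now <= expires


# Constructed sample: the same logins as the POP3 daemon would record them
# with stunnel's transparent option on (client IPs) and off (loopback).
TRANSPARENT_ON = [
    "2024-01-10 09:00:05 pop3d[411]: login ok user=alice ip=198.51.100.7",
    "2024-01-10 09:00:40 pop3d[412]: login failed user=bob ip=203.0.113.9",
    "2024-01-10 09:02:11 pop3d[413]: login ok user=carol ip=192.0.2.44",
]
TRANSPARENT_OFF = [re.sub(r"ip=\S+", "ip=127.0.0.1", line)
                   for line in TRANSPARENT_ON]

if __name__ == "__main__":
    now = datetime(2024, 1, 10, 9, 10, 0)
    for name, lines in (("on", TRANSPARENT_ON), ("off", TRANSPARENT_OFF)):
        table = relay_table(lines)
        print(f"transparent {name}: authorized={sorted(table)} "
              f"alice_can_relay={may_relay(table, '198.51.100.7', now)}")
```

With the loopback-only log, the remote client that just authenticated is never authorized, while 127.0.0.1 is.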

In Outlook, when you check use SSL for POP3, it puts 995 (the right port) into place. However, when you check SSL for SMTP, it leaves the port at 25; be sure to change it to 465.

If you have some problems, run sniffers and make sure packets are being exchanged, no firewalls are in the way, etc. I found /var/log/secure to yield stunnel logs, and you can also turn on logging in Outlook through Tools->Options->Advanced.

Hope this helps someone out there; if not, I’m sure one day I’ll need it again.

UPDATE
darky was kind enough to tell me TLS was in Postfix’s SMTP server; here is my config:
# TLS [#98]
smtpd_use_tls = yes
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/tls/smtpd.key
smtpd_tls_cert_file = /etc/postfix/tls/smtpd.pem
smtpd_tls_CAfile = /etc/postfix/tls/smtpd.pem

Note you can be your own CA 🙂