POP3 and SSL

Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

I'm in the process of putting together a web based e-mail program. I was curious whether it was possible to use the Net::POP3 module to be able to access e-mail servers over a secure connection.
More and more POP3 servers are shifting to requiring a secure connection. Is it as simple as replacing the IO::Socket calls in Net::POP3 to IO::Socket::SSL calls? Does anybody have adivce on how to implement this?
Thanks.

Comment on POP3 and SSL

Replies are listed 'Best First'.
Re: POP3 and SSL by Petruchio (Vicar) on Feb 24, 2001 at 22:17 UTC
I believe you're looking at the wrong tool; consider using SSH rather than SSL. Using port forwarding, you should be able to arrange things so that the only unencrypted connections are to the loopbacks on both ends. There's even a Secure POP via SSH mini-HOWTO to step you through the process. As for Perl modules, you have a choice... but I'll leave it to btrott to tell you why his Net::SSH::Perl modules are better than Net::SSH. :-) If you have the skill to do so, consider writing the POP via SSH part of your program as a separate module, and sharing it. It will win you praise, and, if you choose to join the monastery, votes.	[reply]
Re: POP3 and SSL by Beatnik (Parson) on Feb 23, 2001 at 02:05 UTC
Since POP3 uses a client and a server side, I doubt you can make the Server understand SSL if you just turn all IO::Socket's to IO::Socket::SSL calls. POP3 has limited security when it comes to password sending with apop (which uses MD5). If you wanna use a more secure mail protocol all together, I'd suggest IMAP. Greetz Beatnik ... Quidquid perl dictum sit, altum viditur.	[reply]
Re: Re: POP3 and SSL by Jerry A! (Acolyte) on Feb 23, 2001 at 10:40 UTC
Actually, I think that the original poster is on the right track. I'm guessing that he wants to connect to a POP3S server (probably pop3 being wrapped via stunnel). Looking over the docs, I think that the original poster's idea of using IO::Socket::SSL should work. Haven't ever used it before, so unfortunately, I don't have any code snippets that could be useful. Also, looking at CPAN, Net::SSLeay may also do the trick.... --Jerry A!	[reply]