SECURE
MAIL
SERVER
In Computer Science, we run secure services on our mail server. These being
Secure POP (POP3S), Secure IMAP (IMAPS) and Secure SMTP (SSMTP). The recommended way of
reading mail is with secure POP and the recommended way of sending mail is with secure
SMTP. Other forms of communication with the mail server are permitted (POP, SMTP) however,
these are unencrypted hence your password will pass in plain text over the network and any
communication you perform with the server is open to possible network sniffing.
|
These instructions refer to a machine called Postfix.cs.uwa.edu.au. Please
change this to mailhost.csse.uwa.edu.au where ever it is mentioned.
|
Transferring your mail settings from unsecured to secured services can
be performed by a standard user and involves the following steps.
- Load Eudora. These instructions assume that you have an existing copy
of Eudora installed on your machine. If you are using a different email client,
sorry, you're on your own.
- Go to Tools then scroll down to Options as indicated
in the following figure.
- That will display a box that looks like:
This is where you need to start making changes.
| Real Name
| Your name
|
| Return address:
| username@csse.uwa.edu.au
|
| Mail Server (Incoming):
| postfix.cs.uwa.edu.au
(This will change when server is in production)
|
| Login Name:
| Your unix username
|
| SMTP Server (Outgoing):
| postfix.cs.uwa.edu.au
(This will change when server is in production)
|
- Click on the icon marked Checking Mail and
down the bottom of that in the section marked "Secure Sockets when Receiving"
change that to Required, Alternate Port
- Now click on the icon marked Sending Mail and
down the bottom of that in the section marked
"Secure Sockets when Sending"
change that to Required, Alternate Port as well
- Now, scroll down the left side until you find the icon
marked "Advanced Network" and change the Network buffer size of
to 16384
- Now check your mail. You'll get an error - don't worry, the
certificate is self signed, so you need to manually add it to your
trusted certificates.
- Go back to Tools and scroll down to Options
like you did before. Then click on Checking Mail and
choose the Last SSL Info option near the bottom right.
- This will display Connection Information Manager Window which
says the negotion status has failed because the Cert Chain is not
trusted.
Click on the Certificate Information Manager button at the bottom.
- Highlight the Server Certificate from Computer Science.
(It should have a skull and crossbones next to it). Then click on
Add to Trusted
- A new Subheading should appear User Trusted Certificates
should appear with the Computer Science certificate under it.
Now click Done until you are out of the options menu
- Now try to check your mail again and it should work.
TROUBLESHOOTING
Likely reasons for it failing?
- You haven't increased the size of the network buffer
under Advanced Network. This needs to be large or
else there isn't enough buffer space to hold the full
size of the certificate. Also, don't make up a number - it needs
to be a 2x number for the byte boundaries.
- You're reading this after we've moved the server into production.
The certificates are tied to the name of the machine, so if you're
referencing the server with a name other than "postfix.cs.uwa.edu.au"
its not going to fail.
Back to top page
