PNCE: SSL Email


PNCE User Documents: Enabling SSL for Email

Overview

As per general campus guidelines, the Physics department is eliminating the use of network protocols which pass usernames and passwords without encryption along the network. These protocols, although old and familiar, do make it possible for hackers to wiretap or eavesdrop and obtain your password, thereby allowing for all sorts of havoc. The good news is that modern software in the past few years have gotten much better at dealing with new, more secure, encrypted protocols, and switching to these new protocols should cause minimal discomfort. Indeed, you are probably already using newer, encrypted versions of the old telnet protocol, possibly without even realizing it, and by making a few adjustments to your preferences on your email client, you can use the new protocols there as well.

The campus Office of Information Technology has a detailed and useful page describing what you need to do to comply with the new policy. Included in that are a bunch of instructions for configuring your email client; unfortunately these instructions are specific to the new campus mail@umd mail system (ie for people with @mail.umd.edu addresses). Some values need to be changed in order to work with the departmental email system (ie @physics.umd.edu addresses).

Because the instructions on the OIT page are so detailed and have screen shots, etc., we are going to refer to them in this document, giving the step number in the OIT document, and noting the changes to be made. Remember, if you are unsure what to do or need assistance, feel free to contact PCS with your questions, or even a request to configure the email client for you. But if you think you can follow these instructions and reconfigure the client yourself, that would be of help to us.

In general, the deparmental email server @physics.umd.edu uses IP based restrictions on outgoing mail, so it will only relay email from systems within the Physics building. Because it does not use usernames and passwords, this protocol is unaffected by our efforts to remove protocols sending cleartext passwords, and so should continue to use non-encrypted, non-SSL transport without any usernames or passwords.

The IMAP and POP protocols, used to read mail, must provide usernames and passwords, and your will be required to reconfigure your email client to use SSL transport. Authentication remains simple password authentication (no advanced authentication like challenge/response is currently accepted).

Should you be travelling and using a machine which you cannot or do not wish to re-configure the email client on, you can also securely access your @physics.umd.edu email by visiting the Glue Webmail page with your web browser. (This can also be used if you screw up your email settings trying to enable SSL connections until you can contact PCS to fix the matter.)

Instructions by Email client

Instructions for Outlook

This is based on the OIT instructions for using Outlook with mail@umd. The parts relating to ensuring an encrypted connection are steps 9-13. The modifications for the Physics department email server (@physics.umd.edu) are as follows:

Instructions for Outlook Express

This is based on the OIT instructions for using Outlook Express with mail@umd. The parts relating to ensuring an encrypted connection are steps 11-15. The modifications for the departmental email server are as follows:

Instructions for Netscape

This is based on the OIT instructions for using Netscape with mail@umd. The parts relating to ensuring an encrypted connection are steps 11-12. The modifications for the departmental email server are as follows:

Instructions for Thunderbird

This is based on the OIT instructions for using Thunderbird with mail@umd. The parts relating to ensuring an encrypted connection are steps 11-13. The modifications for the @physics.umd.edu email server are as follows:

Instrunctions for Mac OS X email

This is based on the OIT instructions for using OS X mail with mail@umd. The parts relating to ensuring an encrypted connection are steps 10-18. The modifications for the @physics.umd.edu email server are as follows:


Main Physics Dept site Main UMD site


Valid HTML 4.01! Valid CSS!