Red Hat ENTERPRISE LINUX 3 Reference Manual

Also see for ENTERPRISE LINUX 3 - SECURITY GUIDE: Tuning guide Installation guide Installation guide Installation guide Manual

Contents

160 Chapter 11. Email11.1.2. Mail Access ProtocolsThere are two primary protocols used by email client applications to retrieve email from mail servers:the Post Office Protocol (POP) and the Internet Message Access Protocol (IMAP).Unlike SMTP, both of these protocols require connecting clients to authenticate using a username andpassword. By default, passwords for both protocols are passed over the network unencrypted.11.1.2.1. POPThe default POP server under Red Hat Enterprise Linux is /usr/sbin/ipop3d and is providedby the imap package. When using a POP server, email messages are downloaded by email clientapplications. By default, most POP email clients are automatically configured to delete the messageon the email server after it has been successfully transferred, however this setting usually can bechanged.POP is fully compatible with important Internet messaging standards, such as Multipurpose InternetMail Extensions (MIME), which allow for email attachments.POP works best for users who have one system on which to read email. It also works well for userswho do not have a persistent connection to the Internet or the network containing the mail server.Unfortunately for those with slow network connections, POP requires client programs upon authenti-cation to download the entire content of each message. This can take a long time if any messages havelarge attachments.The most current version of the standard POP protocol is POP3.There are, however a variety of lesser-used POP protocol variants:• APOP — POP3 with MDS authentication. An encoded hash of the user’s password is sent from theemail client to the server rather then sending an unencrypted password.• KPOP — POP3 with Kerberos authentication. Refer to Chapter 18 Kerberos for more informationabout Kerberos.• RPOP — POP3 with RPOP authentication. This uses a per-user ID, similar to a password, to au-thenticate POP requests. However, this ID is not encrypted, so RPOP is no more secure than stan-dard POP.For added security, it is possible to use Secure Socket Layer (SSL) encryption for client authentica-tion and data transfer sessions. This can be enabled by using the ipop3s service or by using the/usr/sbin/stunnel program. Refer to Section 11.5.1 Securing Communication for more informa-tion.11.1.2.2. IMAPThe default IMAP server under Red Hat Enterprise Linux is /usr/sbin/imapd and is provided bythe imap package. When using an IMAP mail server, email messages remain on the server whereusers can read or delete them. IMAP also allows client applications to create, rename, or delete maildirectories on the server to organize and store email.IMAP is particularly useful for those who access their email using multiple machines. The protocol isalso convenient for users connecting to the mail server via a slow connection, because only the emailheader information is downloaded for messages until opened, saving bandwidth. The user also has theability to delete messages without viewing or downloading them.For convenience, IMAP client applications are capable of caching copies of messages locally, so theuser can browse previously read messages when not directly connected to the IMAP server.IMAP, like POP, is fully compatible with important Internet messaging standards, such as MIME,which allow for email attachments.