Reconfiguring POP for SSL

PLEASE READ: Important information regarding “POP3”:

 

“POP3” by default downloads email from a server to a single computer or device, then deletes it from the server. Because your messages get downloaded to a single computer or device and then deleted from the server, it can appear that mail is missing or disappearing from your Inbox if you try to check your mail from a different computer or device.


 

Reconfiguring Email for POP
Using Secure Socket Layer (SSL)

Important Reminders:

  • Because SSL configurations are client-based (i.e Eudora, Mac Mail, Outlook), you MUST change your setting on all of your machines that use ITS mail. This includes your machine(s) at home, machines used for travel and portable devices.

    In addition, if you use more than one email client (with the exception of WebMail), you must also change your settings on each of your email clients on each of your machines as well.

  • If you are using Yahoo.com to check your ITS email, please be advised that beginning February 1, 2005, you will NO longer be able to do this. You will only be able to FORWARD your email to Yahoo.com.

 

The Internet is not a secure place. When you perform online banking or other sensitive transactions over the web, your information is encrypted to prevent someone from stealing your personal data. Currently when you check email using an email client such as Eudora or Outlook, your userid and password are sent over the internet and could potentially be stolen. Someone who knows your access account userid and password can read your email, view your grades, access personal financial data, and even change your classes.

To protect your Penn State access account userid and password from being sent as clear text, Information Technology Services (ITS) is implementing SSL encryption on the email servers. (This is the same type of encryption used on secure web pages.) SSL is available now and will become mandatory in January 2005.

If you use Penn State WebMail, Kerberos (KPOP) or an email server other than email.psu.edu exclusively, this will not affect you. On the other hand, if you have received an email message from the ITS Help Desks regarding your email account, you have checked your email on either the email.psu.edu server and will need to follow the instructions below for your email client.

Below are the instructions for configuring SSL for incoming email for the most popular email clients.

Windows Mac OS 9 and Above
 
 

 

Important Notes for Mac Users:

  • We recommend that Mac 8.x users use Kerberos Authentication instead of SSL. Information and instructions can be found on our Kerberos for Macintosh Web page at http://helpdesk.psu.edu/article/5.

  • Mac OS 10.x users below 10.2 need to upgrade their operating systems to Mac 10.2 before reconfiguring their email client.

 

Windows

Eudora Version 5.x and Above

  1. Start Eudora.
  2. In the Tools menu, click Options.
  3. Go to the Checking Mail category.
  4. Set Secure Sockets when Receiving to Required, Alternate Port.
  5. Click OK.

Note: If you have multiple personalities set up in Eudora for your Penn State email (email.psu.edu), you will need to configure each Penn State email personality for SSL using the following instructions:

  • Under Tools, select Personalities.
  • In the Personalities window on the left hand side of the screen, right click on the personality for Penn State email that needs to be configured.
  • Select Properties.
  • In the Account Settings window that appears, select the Incoming Mail tab.
  • Set Secure Sockets when Receiving to Required, Alternate Port.
  • Click OK.

 

Mozilla 1.6 / Netscape 7

  1. Start Mozilla Mail.
  2. In the Edit menu, click Mail & Newsgroups Account Settings.
  3. Expand your account details by clicking on the + (plus) or the > (arrow) sign.
  4. Next, click on Server Settings.
  5. Click on the box to the left of Use secure connection (SSL).
  6. The Port number should automatically change to 995.
  7. Click OK.

 

Outlook Express 6

  1. Start Outlook Express.
  2. Next, select Tools->Accounts.
  3. Click on the Mail tab.
  4. Next, select your account.
  5. Click on Properties.
  6. Click on the Advanced tab on the Properties window.
  7. Click on the box to the left of This server requires a secure connection (SSL) immediately below the Incoming Serverheading.

    NOTE: Make sure that you have not checked Outgoing Server. The Outgoing Server check box should be left blank or unchecked.

  8. The Incoming mail (POP3) server port number should automatically change to 995.
  9. Click OK.

 

Outlook 2002

  1. Start Outlook.
  2. Next, select Tools-> Email Accounts
  3. Select View or Change Existing Accounts.
  4. Click the Next button.
  5. Select your email account.
  6. Click Change.
  7. Click on More Settings.
  8. When the Internet Email Settings dialog box opens, click on the Advanced tab.
  9. Click on the box to the left of This server requires a secure connection (SSL) under Incoming Server.
  10. The Incoming mail (POP3) server port number should automatically change to 995.
  11. Click OK.
  12. Click Next.
  13. Click Finish.

 

Outlook 2003

  1. Start Outlook.
  2. Next, select Tools-> Email Accounts
  3. Select View or Change Existing Accounts.
  4. Click the Next button.
  5. Select your email account.
  6. Click Change.
  7. Click on More Settings.
  8. When the Internet Email Settings dialog box opens, click on the Advanced tab.
  9. Click on the box to the left of This server requires an encrypted connection (SSL) under Incoming Server.
  10. The Incoming mail (POP3) server port number should automatically change to 995.
  11. Click OK.
  12. Click Next.
  13. Click Finish.

 

Outlook 2007

  1. Start Outlook.
  2. Next, select Tools-> Account Settings
  3. Click on the Email tab.
  4. Select your email account.
  5. Click Change.
  6. Click on More Settings.
  7. When the Internet Email Settings dialog box opens, click on the Advanced tab.
  8. Click on the box to the left of This server requires an encrypted connection (SSL) under Incoming Server.
  9. The Incoming mail (POP3) server port number should automatically change to 995.
  10. Click OK.
  11. Click Next.
  12. Click Finish.

 

 

Thunderbird Mail for Windows & Mac

  1. Start Thunderbird Mail.
  2. In the Tools menu, click Account Settings.
  3. Expand your account details by clicking on the + (plus) sign.
  4. Next, click on Server Settings.
  5. Click on the box to the left of Use secure connection (SSL).
  6. The Port number should automatically change to 995.
  7. Click OK.

 

 

Mac OS 9 and Above

Important Notes:

  • If you are using OS 7.x, we do not have a solution for configuring your Eudora for SSL.

  • If you are usingg OS 8.x, you will need to use Kerberos Authentication instead of SSL. Information and instructions can be found on our Kerberos for Macintosh Web page at http://helpdesk.psu.edu/article/5. In addition, we have found that Eudora 5.1 seems to work the best with OS 8.x.

  • If you are running OS X and wish to use SSL when checking mail, you must have OS X 10.2 or later installed. To be safe, always have all OS X updates from Apple installed.

  • You must also use Eudora version 5.2 or later although we recommend users upgrade to 6.x. Previous versions are incompatible with Eudora's use of SSL. Upgrading to Eudora 6.x is especially important for users running OS X as we have seen numerous issues with trying to configure Eudora 5.2 on this operating system.

  • If you are running Panther (the Mac OS 10.3) there might be an error. Please look at Eudora's web page athttp://www.eudora.com/techsupport/kb/2492hq.html on the Web.

 

Eudora Version 5.2 or Higher

  1. Start Eudora.
  2. Next, click on Special > Settings.
  3. Select SSL from the list on the left (towards the bottom).
  4. You will need to change to the following settings:
    SSL for POP: Required (Alternate Port)
    Standard Port SSL Negotiation: (Eudora 6.x only) Maximum Compatibility
    Alternate Port SSL Negotiation: (Eudora 6.x only) Maximum Compatibility

     

    Note: If you have multiple personalities set up in Eudora for your Penn State email (email.psu.edu), you will need to configure each Penn State email personality for SSL.

     

  5. Click OK to save the settings.

Important Note: Some people have had a problem checking email after enabling SSL. It seems to be a problem involving the Keychain and an SSL certificate.

We recommend users enable the Keychain first.

The instructions for enabling the Keychain and installing an SSL certificate are:

  • Enabling the Keychain for OS X:

    1. Go to the Go menu and select Utilities.
    2. Choose Keychain Access to open the Keychain Access control panel.
    3. If you do not have a keychain configured, you will be prompted to do so.
      • Follow the steps/prompts for creating a new keychain.

        Note: When prompted to enter a keychain name, we recommend that you enter your user ID.

      • Close the Keychain Access control panel.
    4. If you do have a keychain configured, close the Keychain Access control panel.
    5. When prompted, you will need to accept the certificate in the Keychain.
  • Installing an SSL certificate:

    Important Note: This should be done only if you get an error message stating that you need an SSL certificate.

    The Eudora Web site suggests:

    We have had some success with importing an SSL certificate into the Keychain and then having Eudora connect. Please click on the following link to download the Verisign SSL certificate:

    http://www.eudora.com/techsupport/download/verisign.hqx

    After downloading the file you will need to do the following:

    1. Unstuff the verisign.cer file.
    2. Next, double click on the verisign.cer file.
    3. OS X should then ask to import the certificate into the Keychain.
    4. Click on Ok.
    5. Now have Eudora check mail.
  • Enabling the Keychain for OS 9:

    1. Go to the Apple Menu and select Control Panels.
    2. Choose Keychain Access to open the Keychain Access control panel.
    3. If your Keychain Access control panel is disabled, you will need to run the Extensions Manager to activate the Keychain Access control panel before you can proceed.
    4. If you do not have a keychain configured, you will be prompted to do so.
      • Follow the steps/prompts for creating a new keychain.

        Note: When prompted to enter a keychain name, we recommend that you enter your user ID.

      • Close the Keychain Access control panel.
    5. If you do have a keychain configured, close the Keychain Access control panel.
    6. When prompted, you will need to accept the certificate in the Keychain.
  • Installing an SSL certificate:

    Important Note: This should be done only if you get an error message stating that you need an SSL certificate.

    The Eudora Web site suggests:

    We have had some success with importing an SSL certificate into the Keychain and then having Eudora connect. Please click on the following link to download the Verisign SSL certificate:

    http://www.eudora.com/techsupport/download/verisign.hqx

    After downloading the file you will need to do the following:

    1. Unstuff the verisign.cer file.
    2. Next, double click on the verisign.cer file.
    3. OS X should then ask to import the certificate into the Keychain.
    4. Click on Ok.
    5. Now have Eudora check mail.

 

Mail Application

For Version 1.3.9:

  1. Launch Mail.
  2. Next, select Preferences from the Mail menu.
  3. In the Preferences window, click the Accounts button.
  4. Next, select your account in the list on the left.
  5. Next, select the Advanced tab on the top of the Preferences on the right.
  6. Check the Use SSL checkbox at the bottom of the window.
  7. Then choose Password in the Authentication popup menu.
  8. Click OK.

For versions prior to Version 1.3.9:

  1. Launch Mail.
  2. Next, select Preferences from the Mail menu.
  3. In the Preferences window, click the Accounts button.
  4. Next, select your account.
  5. Click Edit.
  6. Next, select the Advanced tab on the top of the Account Information window.
  7. Check the Use SSL checkbox.
  8. Then choose Password in the Authentication popup menu.
  9. Click OK.

 

Mozilla

  1. From within Mozilla Mail, open the account settings window.
  2. Go to Edit > Mail and Newsgroup Account Settings.
  3. Expand your account details by clicking on the + (plus) sign.
  4. Click on Server Settings.
  5. Click on the box to the left of Use secure connection(SSL).
  6. The Port number should automatically change to 995.
  7. Click OK.

 

Entourage

  1. Start Entourage.
  2. Select Tools menu.
  3. Next, select Accounts.
  4. In the Account Dialog box, click the Mail tab.
  5. Double click on your account.
  6. Under the Receiving Mail category, click on Click here for advanced receiving options.
  7. Check the box for This POP service requires a secure connection (SSL).
  8. The POP port will change to 995.
  9. Click in the small close box in the upper left corner of the small window.
  10. Click OK in the Accounts window.

 

Was this helpful?: 

No