Physics Computing Services


Email - SSL Encryption and SMTP Authentication


 

Why is this important?

Insecure mail servers are often used by spammers to send unsolicited mail to the masses and for other unscrupulous activity. For this reason, secure mail servers employ the following techniques:

To provide a more secure network and protect the credentials of our users, in the future PCS will be requiring the use of secure protocols on the Physics mail server at mail.physics.ucsb.edu from both inside and outside the Physics networks. All users of email clients should check that their program supports SSL encryption and SMTP Authentication, and enable these features. General settings for email clients are at the bottom of this document.

Note that campus is planning to require that all mail servers on campus that transmit on port 25 over the campus backbone support these new protocols in the future. They will be allowing port 25 traffic from only known, valid email servers on campus. Groups currently running their own mail server will be required by campus to comply, or risk having the service blocked.

About SSL Encryption and SMTP Authentication

PCS has recently added SSL encryption for the SMTP protocol to the Physics mail server, and offers it over alternative ports (587 and 465 for email client submission). It has been available for IMAP-SSL and POP3-SSL service for quite some time.

SSL encryption scrambles credentials and email data as they move between your computer and the Physics mail server. Our mail server also supports SSL encryption when the mail servers on the other end (Message Transport Agents or MTAs) support it, but the majority of mail servers out there do not yet support SSL for SMTP-TLS.

When configured correctly, email clients (Mail User Agents or MUAs) such as Outlook, Eudora, Netscape/Mozilla, or Apple Mail can send email securely through mail.physics.ucsb.edu using your username and password as credentials, whether you are on the UCSB Physics network or on another network (such as your home ISP, or when visiting another institution). We expect that this will be a convenient and valuable feature for people working away from the UCSB Physics network.

For quite some time our mail server has refused to relay email originating from non-UCSB Physics networks. What is new is the ability for you to authenticate and send mail encrypted on an alternate port through the Physics mail server while on another network. In addition, to combat spam and mail-borne viruses/worms, many ISPs such as Cox Cable have begun restricting mail clients on their network to connecting only to their authorized mail server on port 25. All other use of port 25 to destinations outside of the Cox network is prohibited. Configuring encryption for SMTP on an alternate port will get around this limitation.

To use SSL for authentication, you will still use "mail.physics.ucsb.edu" for Outgoing Mail or SMTP, but you need to configure other features of your email client.
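The following is an added example, not part of the original PCS page or its server configuration: a check an administrator could run over the EHLO replies of a port-587 submission session to confirm that passwords are only requested once the connection is encrypted. It assumes the standard port-587 behaviour of starting in clear text and upgrading with STARTTLS; the host name mail.example.test and both transcripts are constructed.

```python
def parse_ehlo(reply: str) -> dict:
    """Map each ESMTP keyword in an EHLO reply to its list of parameters."""
    caps = {}
    for line in reply.splitlines()[1:]:            # first line is the server greeting
        if len(line) < 4 or not line.startswith("250"):
            continue
        # Some servers also advertise the legacy "AUTH=LOGIN PLAIN" spelling.
        words = line[4:].replace("=", " ", 1).split()
        if words:
            caps.setdefault(words[0].upper(), []).extend(w.upper() for w in words[1:])
    return caps


def audit_submission(pre_tls: str, post_tls: str) -> list:
    """Return findings for a port-587 session; an empty list means it passes.

    pre_tls  -- EHLO reply received before STARTTLS (clear text)
    post_tls -- EHLO reply received after the TLS handshake
    """
    before, after = parse_ehlo(pre_tls), parse_ehlo(post_tls)
    findings = []
    if "STARTTLS" not in before:
        findings.append("STARTTLS not offered: the session cannot be encrypted")
    if "AUTH" in before:
        findings.append("AUTH offered before TLS: a client may send its password in clear")
    if "AUTH" not in after:
        findings.append("AUTH not offered after TLS: authenticated relay is unavailable")
    return findings


# Constructed transcripts (not captured from any real server).
GOOD_PRE = "250-mail.example.test\n250-PIPELINING\n250-SIZE 10240000\n250-STARTTLS\n250 8BITMIME"
GOOD_POST = "250-mail.example.test\n250-PIPELINING\n250-AUTH PLAIN LOGIN\n250 8BITMIME"
WEAK_PRE = "250-mail.example.test\n250-AUTH=LOGIN PLAIN\n250 8BITMIME"

if __name__ == "__main__":
    for name, pre, post in [("good", GOOD_PRE, GOOD_POST), ("weak", WEAK_PRE, WEAK_PRE)]:
        print(name, audit_submission(pre, post) or "OK")
```

On port 465 the TLS handshake happens before any SMTP command, so only the post-TLS check applies there.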

General Settings for Mail Clients

Client-Specific Instructions

There are basic instructions for many clients here.


Physics Computing Services, pcs@physics.ucsb.edu
Last updated October 27, 2005 by Jennifer L. Mehl