Connecting to the Duke Statistics Secure IMAP server

In order to provide a secure facility for Duke Statistics faculty, students and staff to read their email while away from the department, a secure IMAP (Internet Message Access Protocol) server has been established. The secure aspect is handled via Secure Socket Layer (SSL) encryption (the same method used by secure web for e-commerce). This server will provide access to your Duke Statistics email provided that you have a client that will speak IMAP over SSL. Some such clients are:

• Mozilla (Netscape 6)
• Netscape Communicator 4.xx
• Microsoft Outlook and Outlook Express
• mutt
• pine

In order to protect the SSL certificates from poaching/hi-jacking, each certificate is valid for a set length of time which is encoded into the certicate at the time it is created. I have set a valid lifetime of one year (365 days) for the Duke Statistics secure IMAP server. When a certificate expires, you will receive a warning message to this effect. Each client will behave differently when an expired certificate is encountered.

The only remaining issue will be responding to email. The IMAP server only allows you to read your Duke Statistics mail. In order to send email, you have to configure the email client to talk to the local SMTP (Simple Mail Transport Protocol) server. Often, this machine is cleverly called smtp + the local domain (e.g. the mail relay for the duke.edu domain is called smtp.duke.edu).

Configuration hints, generalized

• the IMAP server name is imap.stat.duke.edu
• the server requires SSL connectivity
• connect as your Duke Statistics username
• accept the self-signed certificate

Configuration hints by client

Mozilla (Netscape 6)

1. Open the Mail window by clicking Window -> Mail & Newsgroups.
2. Iff the Account Wizard dialog does not popup:
   1. From the "Edit" menu, click Mail & Newsgroups Account Settings.
   2. If you are configuring Mozilla on an Duke Statistics system for the first time, remove any existing accounts listed in the left pane. The only remaining entries should be "Outgoing Server (SMTP)" and "Local Folders".
   3. Click the "Add Account..." button.
3. Choose "Email account".
4. Type or change your name and email address as necessary. By convention, your email address should use stat.duke.edu rather than stat.duke.edu.
5. Select IMAP server. Type imap.stat.duke.edu in the "Incoming Server" box. If there is an "Outgoing Server" box, fill it with "smtp.stat.duke.edu".
6. Type your username as necessary.
7. Type any Account Name. I suggest "Duke Statistics".
8. Click Finish. If the Account Settings dialog is not open, click the "Edit" menu, then Mail & Newsgroups Account Settings.
9. Click on the account name in the left pane (e.g. Duke Statistics).
10. Uncheck "Compose messages in HTML format.
11. Click on "Server Settings". Check "Use secure connection (SSL)". The port number should change to 993. Check the other boxes as you prefer.
12. Click the "Advanced..." button. Type "mail" in the "IMAP server directory" box. Uncheck every checkbox on this dialog.
13. Click OK on both open dialogs and restart Mozilla for the changes to take full effect.
14. NOTE: The first time you check your mail with Mozilla, it will complain about the server certificate. Check "Remember this certificate permanently" and click the "Continue" button.

Netscape Communicator 4.xx

1. Edit -> Preferences -> Mail & Newsgroups -> Mail Servers
2. Select "Add ..." under Incoming Mail Servers
3. Under the General tab,
   • Server Name: imap.stat.duke.edu
   • Server Type: IMAP
   • User Name: "Your Duke Statistics login id"
4. Under the Advanced tab,
   • Select "Use secure connection. (SSL)"
5. Click "OK" in the popup dialog box. (imap.stat.duke.edu should now appear in server menu)
6. Click OK to save and exit Prefeneces setup.
7. The first time you attempt the connection:
   1. Netscape will complain about the SSL certificate (since it is self-signed) and will popup a dialogue box
   2. Select OK (default) for most options.
   3. Select "always accept this key".
   4. Evenutally, a Password dialogue will pop up. Use your Duke Statistics password to authenticate.
8. To handle an expired SSL certicate:
   1. Go to the "Security Info" dialogue box by clicking on the lock icon in the lower left corner of the browser window
   2. Follow the "Web Sites" link (under Certificates).
   3. Select (click on) the expired certificate
   4. Click on the "Delete" button.
   5. Select OK to leave the dialogue box.

Microsoft Outlook and Outlook Express

For security reasons, the use of any Microsoft mail client is strongly discouraged -- so strongly, in fact, that instructions for using it to access the IMAP server have been omitted. Surely there is another client on your computer...

Mutt with IMAP/SSL

To connect to a secure IMAP server, mutt must have been compiled with both IMAP and SSL support. The following entries to must be added to ${HOME}/.muttrc

• Let mutt know where to save SSL certificates

  set certificate_file=~/.mutt_certs
  

• Set the path to your IMAP inbox

  set spoolfile={imap.stat.duke.edu/ssl}inbox
  

• Optionally add your additional mailboxes

  set folder={imap.stat.duke.edu/ssl}mail
  

Pine with IMAP/SSL support

In order to connect to a secure IMAP server, pine must have been compiled with both IMAP and SSL support. The following entries to must be added to ${HOME}/.pinerc

• Set the path to your IMAP inbox

  inbox-path={imap.stat.duke.edu/ssl/novalidate-cert}inbox
  

• Optionally add your additional mailboxes

  folder-collections={imap.stat.duke.edu/ssl/novalidate-cert}mail/[]