Secure IMAP over SSH Tunnels

I finally figured out how to securely run imap - do it over ssh.

Here's a good reference: unixreview article The trick is that the mail client runs some other program to tunnel to the imap server and run imapd there. When the imap server runs locally like that, it realizes that you are already an authenticated user, and doesn't ask you to log in again.

The imap client you run has to include support for this. New versions of mutt (like 1.3.19) have a tunnel variable you can set, for example:

set tunnel="ssh -q /usr/sbin/imapd"

To use with Courier IMAP, syntax is

set tunnel="ssh -q /usr/sbin/imapd 2>/dev/null Maildir"

ssh has to be able to log you in w/o asking for a password, so you need to set up RSA or agent authentication first. However, if you have that, then the imap connections become completely transparent and you mail client no longer asks for passwords!

Check the mutt sourceforge site for a few more notes. Pay attention to the part about setting timeout and mail_check.

pine has similar support.

--phil 6/14/01


Our Founder
ToolboxClick to hide/show
RecentChanges Click to hide/show