Secure Mail Services

Relevence

Obviously, the most secure choice for accessing your Computer Science e-mail is to use PuTTY© to login and then use your favourite e-mail tool (pine | elm | mail | mailx | Mail | emacs | etc, etc, etc). If you already use this method, you need read no further.

If you do not use the Computer Science e-mail service, then this is not the page you should be looking at. If you use the one of the University of Regina's central mail services, then you want these instructions.

However, if you use a Windows® or OS/X® GUI based e-mail client to access your Computer Science e-mail, then you must use the settings described here. If you have a laptop that you use at home and at the office, you can use the same secure settings from both locations.

Introduction

This document is not an attempt to teach you how to use or configure any of the tools described. The user is expected to have sufficient basic familiarity with these tools to perform the installation and basic configuration. This document will assist you in modifying the basic configuration to send and receive e-mail via an SSL encrypted communications channel.

You can also access your Computer Science mail by use of our secure web mail site: https://www.cs.uregina.ca/WebMail/. This site can also be used to securely access mail from other Faculty of Science mail services, as well as the University of Regina central mail servers.

If you routinely read your Computer Science mail using any other tools, then you must install an appropriate e-mail client and configure it using the following settings:

Outgoing or SMTP Server for Sending E-Mail

Set the host/server name to mail.cs.uregina.ca. Set the port to 465. Set it to use your Computer Science login and password and to use an SSL connection. Note that many e-mail clients will default to the correct port as soon as you select an SSL connection. If the machine you are using is physically secure, (locked up at home, and not accessible to anyone else), you can also set it to remember your password.

Incoming POP Server for Reading E-Mail

Only use a POP server if you read your mail from a single PC. POP is designed to download mail into local folders on your PC. Because of this, once accessed, your e-mail will only be accessible on that machine.

If you want to be able to access your mail from multiple PC's, or from a PC and our Web Mail service, use the IMAP server.

Set the host/server name to mailhost.cs.uregina.ca. Note that this is not the same name as you used for the outgoing server. Set the port to 995, and select an SSL connection. Many e-mail clients will default to the correct port once you select an SSL connection.

For incoming mail services you must provide your Computer Science login. As above, if your PC is physically secure, you can also set it to remember your password.

Incoming IMAP Server for Reading E-Mail

IMAP allows you to access files in your Computer Science home directory as mail folders. It is ideally suited for folks who want to read their mail from multiple systems. It allows them to save the e-mail into folders in their Computer Science home directory, where they can be found from another computer that is using compatible IMAP settings.

Your mail folders must be in a directory called mail/. This is the default used by pine. This directory must already exist before you try to access it via IMAP. If your folders are in some other directory, then you can either create a symlink to that folder, or rename your existing directory. If you rename your existing directory, then your mail folders will only be accessible to applications that look in the mail directory, or can be configured to look in that directory.

Set the host/server name to mailhost.cs.uregina.ca. Note that this is not the same name as you used for the outgoing server. Set the port to 993, and select an SSL connection. Many e-mail clients will default to the correct port once you select an SSL connection.

For incoming mail services you must provide your Computer Science login. As above, if your PC is physically secure, you can also set it to remember your password.

Additional Comments

Always use the host/server names specified above. The actual service may be hosted on any machine, but the names specified will always point to the currently correct host. Even if you happen to know the current host names for the mail service, do not use the actual host names. The host(s) providing this service can be changed at any time without prior notice.

The Web Mail service uses a commercially issued SSL certificate, signed by a well-known Certificate Authority. As such, it should be accepted by any web browser without user intervention.

The other secure mail services use self-signed or home-grown SSL certificates. The first time that you make a connection to one of these services you will be advised that the certificate being presented was not issued by a known Certificate Authority. You will be given the opportunity to accept or reject our certificate. You must accept the certificate in order to connect.

A home-grown SSL certificate is every bit as secure as a commercially issued certificate. However, for your own piece of mind, some e-mail clients allow you to examine the authenticity of certificates presented to your e-mail client. Some e-mail clients allow you the opportunity to examine the SSL certificate prior to connecting, some allow you to examine it after acceptance. In either case, our certificates have a Common Name that matches the name of the server you connected to. They are issued by the Department of Computer Science at the University of Regina.

Examples