In the previous tutorial, we configured Dovecot to use a public/private key pair to encrypt traffic, and we installed OpenSSL on Windows. Now let's use OpenSSL on Windows to retreive emails from our Dovecot email server using POP3s.

Change to the directory that contains the openssl.exe program:

cd "C:\program files\gnuwin32\bin\"

Start OpenSSL:

openssl.exe

Display the current version of OpenSSL:

OpenSSL> s_client -connect mail.example.com:995

There should be many lines of text referencing various security parameters, such as SSL, TLS, and certificate. The output should begin with "CONNECTED(0000003)" and end with "Verify return code: 18 (self signed certificate)" and "+OK Dovecot ready."

CONNECTED(00000003)    Verify return code: 18 (self signed certificate)---+OK Dovecot ready.

We can now retrieve an email.

+OK Dovecot ready.
user user1+OK
pass password+OK
 logged in.
list1 4392 318.
retr 1+OK 439 octets
Return-Path: <root@example.com>
X-Original-To: user1@example.com
Delivered-To: user1@example.com
Received: from localhost (localhost [IPv6:::1])    by mail.example.com (Postfix) with ESMTP id DD8D385G83G    for <user1@example.com>; 
Sun, 16 Aug 2015 00:30:08 -0500 (CDT)
Message-Id: <201607010182227.BFB1B1001D@mail.example.com>
Date: Sun, 10 Jul 2016 00:00:01 -0500 (CDT)
From: root@example.com

Hello World.

quit+OK Logging out.
Connection closed by foreign host.

Let's also test IMAPs.

OpenSSL> s_client -connect mail.example.com:993

There should be many lines of text referencing various security parameters, such as SSL, TLS, and certificate. The output should begin with "CONNECTED(0000003)" and end with "Verify return code: 18 (self signed certificate)" and "+OK Dovecot ready."

CONNECTED(00000003)    Verify return code: 18 (self signed certificate)---+OK Dovecot ready.

We can now retrieve an email.

* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot ready.a login user1 passworda OK [CAPABILITY IMPA4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORE SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS SPECIAL-USE BINARY MOVE] 
Logged in
a list "" "*"
* LIST (\\HasNoChildren) "." INBOX
a OK list completed
a examine inbox* FLAGS (\Answered \Flagged \Deleted \Seen \Draft)* OK 
[PERMANENTFLAGS ()] Read-only mailbox.* 2 EXISTS* 0 RECENT* OK 
[UNSEEN 2] First unseen.* OK 
[UIDVALIDITY 1468252124] UIDs valid* OK 
[UIDNEXT 3] Predicted next UID
a OK [READ-ONLY] Examine completed (0.000 secs).
a fetch 1 body[]* 1 FETCH <BODY[] {439}
Return-Path: <root@example.com>
X-Original-To: user1@example.com
Delivered-To: user1@example.comReceived: from localhost (localhost [IPv6:::1])    by mail.example.com (Postfix) with ESMTP id DD8D385G83G    for <user1@example.com>; 
Sun, 16 Aug 2015 00:30:08 -0500 (CDT)Message-Id: <201607010182227.BFB1B1001D@mail.example.com>
Date: Sun, 10 Jul 2016 00:00:01 -0500 (CDT)
From: root@example.com

Hello World)
a OK Fetch completed
a logout* BYE Logging out
a OK Logout completed.
Connection closed by foreign host.

Now that both our Postfix and Dovecot email servers are security with authentication and encryption, we can finally start to relay emails through a third party so that we can exchange emails with remote servers.