At work we only have POP configured on our mailserver, but I much prefer using IMAP, so I came up with this set of hacks to allow me to tunnel IMAP access to the IMAP server running on my workstation.

First I setup IMAP on my workstation. Since I'm running Fedora Core 2, this was just a matter of installing the dovecot rpm package. In order to get my POP mail delivered to my workstation, I setup fetchmail to run as a daemon to deliver my POP account mail to my local mail queue (Using postfix as my MTA, also installed as a rpm as part of FC2)

Once I'm getting mail delivered to my local workstation, then I simply point my Mail client there using IMAP instead of POP to our standard mail server.

Then I setup stunnel to act as a proxy to my imap mail server. Once configured, stunnel runs as a daemon, listens for connections to the indicated port, and runs ssh to connect to my work gateway to run netcat to connect to my workstations imap server. Once a connection is established, all traffic just gets sent back and forth along this chain of connections, so in effect, even though I connect to port 1234 on my home machine, it transparently ends up as a connection to port 993 on my workstation. Also, thanks to stunnel, connections are created on demand and dropped when client hangs up.

So from any imap client to my home machine, its ssl encrypted courtesy of stunnel serverside ssl. From my home machine to my work gateway machine its ssh encrypted, and from the gateway to my workstation its ssl encrypted thanks to the clientside ssl in stunnel and ssl on the imap server.

If you don't need the extra security for the gateway to workstation leg, you can stop stunnel from being a ssl client by using "client = no" in stunnel.conf, make netcat connect to port 143 instead of 993, and skip making a certificate on your workstation.

First make a certificate on home machine so ssl clients can create an ssl connection to stunnel:
cd /usr/share/ssl/certs
make stunnel.pem

Then make another certificate on work workstation so stunnel can create an ssl connection to dovecot:
cd /usr/share/ssl/certs
make dovecot.pem

*******************
workstation:/home/myuser/.fetchmailrc
poll mail.mywork.com protocol pop3 username "myuser" password "foobar"

*******************
home:/etc/init.d/rc.local:
/usr/sbin/stunnel /etc/stunnel/stunnel.conf

*******************
home:/etc/services:
imapwork 1234/tcp

*******************
home:/etc/stunnel/stunnel.conf:
cert = /usr/share/ssl/certs/stunnel.pem
client = yes

[imapwork]
accept = 1234
exec = /etc/stunnel/imapwork

*******************
home:/etc/stunnel/imapwork:
#!/bin/bash
# For this to work, make sure you have a passphraseless ssh key setup to that you can login to the gateway machine
/usr/bin/ssh myuser@mymachine@mywork.com /home/myuser/bin/netcat -c -w 10 myworkstation.mywork.com 993