We're trying to set up a connection to an internal IMAPS server from external (public Internet) mail clients. We already have IMAPS working so we'd like to stick to using that for the encryption. But we don't want to open direct connections from the outside, through the firewall, to this server. So the idea is to use an intermediate server (in this case, it's a Fedora machine on a DMZ). This machine, which is our SquirrelMail server, already uses stunnel 4.05 to connect to IMAP on the internal server (in this case, encryption is not necessary since it's all a private network). We have succeeded in connecting from the outside clients, through the intermediary, and over the stunnel to the IMAPS server, but only using IMAP, not IMAPS. As far as we can tell, this is because the SSL certificate is not forwarded over the stunnel. I /think/, after reading more about stunnel, that this is expected--stunnel can only handle negotiated SSL for specific protocols, using the "protocol" option in the stunnel.conf. Am I right that stunnel won't work this way? If so, what do I really want to be doing, in order to get this to work? Squid? Basically, we just want a way to route the entire IMAPS connection through the intermediary server on the DMZ. I'll also gladly entertain commentary on this question: is what I'm trying to do--forwarding traffic through the intermediary server--actually more secure than just opening IMAPS from the outside to the inside? Thanks, Matt