I'm configuring my email on my new slack box. It's a home computer and only has two user accounts, root and me. I have the following in root's crontab:

/usr/bin/fetchmail -u <MYNAME> -p imap --ssl -P 993 <MYMAILSERVER>

Since MYMAILSERVER is not my ISP but just a separate service elsewhere in net land, I'm very interested in making sure my password isn't sent clear. I know my mailserver does support SSL. The above gets my email all right, but is there any way I can verify --ssl is actually secure? Or should I just trust it?

I believe -P 993 is redundant, since --ssl should make it use the 993 port by default, but that's just my paranoia.

Thanks again for everyone's awesome help.

What about using tcpdump and check the traffic ?

Thanks! That did it. It's going out to .imaps on the server, plus it's definitely using port 993. I'm convinced. Sometimes there are so many tools, it's hard to know what to use =)