> In short, DBMail can take care of your authentication with POP/IMAP > before SMTP or you can use SASL or you can even use both making SMTP > authentication an option and not required in your pam.d. If you have > security issues you should use Stunnel which using SSLeay or OpenSSL > provides for a Transport Layer Security (also means SSL) connection. > This encrypts traffic between your client's PC and your server. SMTP > outgoing mail (as opposed to local) is then sent all over the globe in > the clear -- so evaluate (do I really need this?) on that basis.
Stunnel or the like does protect your pop3/imap (and sasl?) password though (depending on AUTH type you're using), and the client-server connections are much easier to eavesdrop on (eg. on a wireless or cable network) than are server-server connections (on internet backbone links, etc.). So when doing the fore-mentioned evaluation, definitely don't deduce that it's next to pointless to have encrypted client connections. -- Jesse Norell - [EMAIL PROTECTED] Kentec Communications, Inc.
