On Sun, Jul 29, 2001 at 02:13:17PM -0600, Moe Harley wrote:
> Thought i'd ask what the general opinion is on the most secure pop3 daemon.
> I need to install a pop3 damon on my debian machine, but I wanted to get a
> good idea from you guys on which one to install.
Hi Moe,
All POP3 services are not safe, because they send plain-text login and password. And
your login/password could be the same of your shell acount, so people can sniff it and
use it to telnet to your machine.
You could try package "qpopper" that supports APOP autentication that does not send
the password in plain text. It also suport to use diferent passwords for pop and shell
services. after installing it, read "man popauth" and "man popper". In this case, the
client should also support APOP protocol.
I don't know about ssh, but there should be some pop over ssh/ssl service that is
safer.
Another option could be installing a webmail service over https in this machine -
but this is not a pop service; that's webmail. In this case, try "imp" and
"apache-ssl" packages.
I hope this will help you.
Pedro
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
