On Sun, Jul 29, 2001 at 02:13:17PM -0600, Moe Harley wrote:
> Thought i'd ask what the general opinion is on the most secure pop3 daemon.
> I need to install a pop3 damon on my debian machine, but I wanted to get a
> good idea from you guys on which one to install.
Hi Moe,
All POP3 services are not safe, because they send plain-text login and
password. And your login/password could be the same of your shell acount, so
people can sniff it and use it to telnet to your machine.
You could try package "qpopper" that supports APOP autentication that does
not send the password in plain text. It also suport to use diferent passwords
for pop and shell services. after installing it, read "man popauth" and "man
popper". In this case, the client should also support APOP protocol.
I don't know about ssh, but there should be some pop over ssh/ssl service
that is safer.
Another option could be installing a webmail service over https in this
machine - but this is not a pop service; that's webmail. In this case, try
"imp" and "apache-ssl" packages.
I hope this will help you.
Pedro
