* on the Tue, Jul 25, 2006 at 11:36:02AM -0400, [EMAIL PROTECTED] was tippering: > I am currently using AUTH PLAIN via SASL for SMTP and then TLS. I have > nothing currently in place to POP3 but I am just wondering, I mean, if > someone was doing any packet sniffing they could see the username and > password being passed because of the fact that I am using plain. What is > the best and most secure way of preventing this for both SMTP and POP3 > authentication?
Use STARTTLS and an SSL enabled pop3 server (pop3s). It should fix these both problems. Instruct (not force) the users to use SSL when authenticating using SMTP-AUTH. Warm Regards. -- Bruno Delbono Open-Systems Group Inc. http://www.open-systems.org/ http://www.mail.ac/ http://hub.mail.ac/ -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
