Ives, This is encouraging news to me. As you know, in terms of POP3 clients, such as Outlook, the Imail POP3 service cannot be configured to use SSL. Thus, even if Kerberos is keeping NT/AD usernames and passwords from flying around your network in clear-text, the second someone checks their email with a standard POP3 client the information is sent to Imail POP3 in the clear. So much for security...just set a sniffer to scan all POP3 traffic that contains "user" and "pass".
Can you clarify, with your experience with this product you mention below (I beleive they are called SSL offloaders), could one set this appliance infront of the mail server to eliminate POP3 passwords from being sent through the internal network in the clear? Thus providing a enternal end-to-end tunel from the POP3 client to the SSL offloader - which I'm guessing has one port that leads to the network and another that links right into the Imail server. Thanks! Sean ---------- Original Message ---------------------------------- From: "Ives Stoddard" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Date: Tue, 25 Mar 2003 17:05:58 -0500 >We use the hardware SSL product from from SonicWall (actually we've got the CISCO >version, but SonicWall makes the internals - SonicWall should be the cheaper of the >two), where you can put any port or service behind SSL. > >We were forced to use SSL for POP, IMAP, SMTP because we use NT/AD authentication >(for single user/pass auth to all our internal systems). We couldn't use IMail's SSL >because of the poor performance when you reach a large number of users. If you're >looking for an excellent solution, that's the way to go unless a new competitor has a >cheaper product available (SonicWall and CISCO aren't cheap - the investment is worth >it if you need the security and performance). > >Regards, > >Ives > ----- Original Message ----- > From: Paul Kildee > To: [EMAIL PROTECTED] > Sent: Tuesday, March 25, 2003 3:48 PM > Subject: SPAM: The Below EMail May Be SPAM ----- [IMail Forum] Secure IMAP/POP > > > Has anyone worked out a better solution to IMAP or POP via a SSL connection besides > the Stunnel program? > > Paul > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
