No. Don't know what Outlook is doing with it's logs, but POP3 User/Pass are both plain text over the wire. You need APOP or SSL to keep the POP password from passing in clear text.
Jerry ---- Original Message ----- From: "John Tolmachoff" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, March 27, 2003 6:58 PM Subject: RE: [IMail Forum] Secure IMAP/POP > This is encouraging news to me. As you know, in terms of POP3 clients, such as > Outlook, the Imail POP3 service cannot be configured to use SSL. Thus, even if > Kerberos is keeping NT/AD usernames and passwords from flying around your > network in clear-text, the second someone checks their email with a standard > POP3 client the information is sent to Imail POP3 in the clear. So much for > security...just set a Sniffer to scan all POP3 traffic that contains "user" and "pass". I am not sure that is accurate. When testing the recent discussion about long addresses, when viewing the logs, the user name and password were encrypted to some extent by Outlook. Now, I did not do a NetMon session on the receiving server to check what was actually received, but the POP3 log by Outlook showed it encrypted. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
