On Thu, 2002-09-26 at 10:16, Eric Jeschke wrote: > I HIGHLY recommend that if you access imap to a login account over the > internet that you run it in secure mode, tunnel it over ssh, or in some > way secure it.
Agreed. I personally always use IMAP through an SSH tunnel, even while I am at home. Yes TCP over TCP tunneling is extremely inefficient and broken in some cases, but it works well enough for me. > > ***Note that this applies to squirrelmail over regular http too***. You > should only run squirrelmail over secure http (https). On our server > we do not allow squirrelmail to be accessed via http, only https. > > --Eric > Do you folks have a key with Verisign, or do you run your own CA? I was thinking about UH running a CA, free for Hawaii non-profit folks. Anyone else interested in this?
