On Tue, 31 Jul 2007 22:01:15 -0400 Alan G Isaac <[EMAIL PROTECTED]> wrote:
AGI> My workplace IT claims that my email client has been AGI> transferring my user name and password information in AGI> unencrypted clear text. I am supposed to fix this. AGI> Are they likely to be right? How can I tell? By asking them to tell you why do they think your client is doing this. E.g. do they have any network traffic captures or something like that? If not, you can of course try to capture what passes between M and your server yourself using e.g. the free wireshark program but I suppose your IT people have already done this. AGI> If they are right, how can I fix this? AGI> AGI> I use IMAP. AGI> In my network preferences, I have: AGI> SSL/TLS for SMTP server: use SSL only Normally this should be enough to ensure that nothing passes over the network in plain text. Moreover, IMAP server shouldn't normally use PLAIN authentication mechanism anyhow and so the password shouldn't be sent in plain text anyhow, even without SSL. But assuming the server configuration is broken (there is nothing you, nor me, can do about it), it's possible that there is a horrible bug in M which results in not using SSL for some reason. I don't really know how to debug it though, the network capture (of the connection initiation) or at least the M debug log would be useful. Thanks, VZ ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Mahogany-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/mahogany-users
