On Wed, Apr 14, 1999 at 12:08:05AM -0400, Joe Junkin wrote:
> Hello all,
> When a pop user logs in to check mail, they send their user password in clear
> text over the network. So, a pop user account could be comprimised, and is
> therefore unsecure. On a mail server I administer, I set all of the qmail user
> accounts shell to be /bin/false which disallows a direct login by the user. This
> is fine with me since none of my email accounts will every log in.
>
> This seems secure, but is it enough? Is there more that one can do to secure pop
> accounts?
If the accounts are _only_ for email, you should consider a vpop solution, putting
all mailboxes under 1 UID.
IMnsHO, no pop-only account should be in your /etc/passwd at _any_ time.
Greetz, Peter
--
| 'He broke my heart, | Peter van Dijk |
I broke his neck' | [EMAIL PROTECTED] |
nognixz - As the sun | Hardbeat@ircnet - #cistron/#linux.nl |
| Hardbeat@undernet - #groningen/#kinkfm/#vdh |
