On Sat, 20 Nov 1999, dd wrote:
> hi
>
> AFAIK one of the documents related to qmail mentioned the insecurity of
> POP3 protocol and said that in an insecure network the passwords could
> easily be stolen. today i tried one of the sniffers for linux and got the
> pass of my friend (of course, i told him that i did so). errm, if i can do
> this, any other user can do the same too. hmm, does qmail-pop3d support
> any kind of encryption of the passwords ? so that i can guarantee the
> security of the accounts of my users?
Unless you have Windblows boxes on your network, you have nothing to worry
about. In Unix, you have to be root in order to sniff packets.
There is, allegedly, a challenge-response authentication standard defined
for POP3, but I find very few POP3 servers that implement it in practice.
There is also a challenge-response authentication standard defined for
IMAP, and, to a lesser degree, SMTP authentication, which is somewhat
popular.
