On Sun, Jul 02, 2000 at 01:23:20PM +1000, Brett Randall wrote:
> Ok, here's the deal:
>
> qmail-pop3d is NOT secure, nor are most other standard POP3 daemons. POP
> passwords are sent in cleartext and are not encrypted. They can be viewed by
> people snooping a connection (although this is not as easy as it sounds). A
> way of fixing this insecurity is to use SSL, an option many POP3 clients
> (including most Microsoft ones, and Netscape, AFAIK) offer (in Advanced
> options usually). They perform the POP3 operations over the Secure Socket
> Layer (that is SSL), however this requires quite some config which I
> personally have never done before, but I have heard of people doing it.
Nice cover. So when you said "I was thinking of suggesting THAT ONE but IT
isn't very secure", you were actually talking about the POP3 protocol and not
qmail-pop3d specifically? If that's the case then why did you reply at all,
and in such an ambiguous way? You certainly didn't answer the poster's
question.
--Adam
