On Sun, Jul 02, 2000 at 01:23:20PM +1000, Brett Randall wrote:
} Ok, here's the deal:
}
} qmail-pop3d is NOT secure, nor are most other standard POP3 daemons. POP
} passwords are sent in cleartext and are not encrypted.
Yes, but if you use APOP, the password goes out in the clear but is
useless afterwards. Any client I can think of, including Eudora on my
Newton (which can't use SSL), supports APOP, and so does qmail-pop3d
with the appropriate checkpassword replacement.
} They can be viewed by
} people snooping a connection (although this is not as easy as it sounds). A
} way of fixing this insecurity is to use SSL, an option many POP3 clients
} (including most Microsoft ones, and Netscape, AFAIK) offer (in Advanced
} options usually). They perform the POP3 operations over the Secure Socket
} Layer (that is SSL), however this requires quite some config which I
} personally have never done before, but I have heard of people doing it.
It's simple using something like stunnel.
}
} Look into it
}
} Brett
}
} Manager
} InterPlanetary Solutions
} http://ipsware.com/
}
}
--
--------
Paul J. Schinder
NASA Goddard Space Flight Center
[EMAIL PROTECTED]
