At 4:29 PM -0500 10/23/01, Kim Scarborough wrote: > > You are right that it won't be listening on port 110 in this case, but >> I'm wondering whether it may fall back to unencrypted session on port >> *955* if the client cannot do SSL. I want to be absolutely sure that > > qpopper will only accept encrypted connections.
If you set 'alternate-port', that tells Qpopper to do a TLS/SSL negotiation as soon as the connection opens. There is no fall-back. If the TLS/SSL negotiation fails, the connection is closed. (If you use 'stls', then the session can be either TLS/SSL or not. In that case, setting 'clear-text-passwords' to 'tls' (or 'ssl') prevents users from authenticating without TLS/SSL or APOP. If APOP isn't enabled then it isn't an issue.) --
