qpopper 4.0.3 non stand alone. In my qpopper.conf file I have set it to only accept clear text passwords once an ssl connection has been established. But when I tested qpopper by telneting to port 110 I was allowed to authenticate immediately?
I'm certain I've complied popper with the necessary options --with-openssl etc/ I see no errors from the trace/debug file when I connect. Here is my conf file which is definitely being parsed on connect. ----------------------------------------- set tracefile = /path-to-trace/qpop.trace set clear-text-password = tls set tls-support = stls set tls-version = default set tls-server-cert-file = /path-to-ssl/cert.key set tls-private-key-file = /path-to-ssl/priv.key set debug = true ----------------------------------------- See the option "set clear-text-password = tls". Why does popper still allow un-encrypted communications? Help! Jim Parker
