Hi, I try to give some short statements on that topic.
qmail-popup supports APOP as its only secure authentication method, Courier's pop3d supports SASL like CRAM-MD5 but no APOP. If authenticating via vchkpw, CRAM-MD5 can't be used. As someone asked in the courier-imap mailinglist for APOP the answer was: "APOP is obsolete". That's true, but APOP is used by many. But there are many losy POP3 clients that support only APOP or CRAM-MD5 as secure authentication methods. AFAIK Eudora speaks CRAM-MD5 but no APOP, some versions of OE (maybe not all?) do the opposite. Please don't throw in POP3 over SSL as an alternative, as client support is even worse than with APOP or CRAM-MD5. Does someone have a pointer to a mail client comparison chart showing their support for secure authentication methods. As a company providing POP3 service I can not force our customers to change there favourite client. I think, a modern POP3 server SHOULD support both APOP and SASL. Is anybody out there (except Vladimir) who agrees? Many users patch qmail-smtpd to have SMTP_AUTH. Does nobody patch qmail-popup, to have CRAM-MD5? Don't you need it? I'm curently running qmail 1.03 and the outdated vpopmail 5.2.1 with the patches from Bill's site (shupp.org) provided by Vladimir. I have SMTP_AUTH and SMTP-after-POP3, I have APOP and CRAM-MD5 and it works fine. Before you say "then shut up and stay with it" (well, you are right), current vpopmail has some nice features and the promised version 5.4 is something I want to use. I don't want to offend anybody. I just have the need to read your opinion. Best wishes Alex -- Alex Pleiner zeitform Internet Dienste Fraunhoferstrasse 5 64283 Darmstadt, Germany http://www.zeitform.de Tel.: +49 (0)6151 155-635 mailto:[EMAIL PROTECTED] Fax: +49 (0)6151 155-634 GnuPG/PGP Key-ID: 0x613C21EA