"Michael H. Warfield" wrote:
> On Fri, Nov 30, 2001 at 06:46:52PM -0500, Enphourell Security wrote:
>
> [...]
>
> > The only bad part I find in ssl and ssh pop3 servers is that alot of
> clients don't have the capability of utilizing encryption, and
> when they do they are one of the many options ignored by the
> users. Hopefully soon, everything will be encrypted from the
> get go and we will live in a happier world...
>
> [ Your word wrap didn't. Please adhere to E-Mail text standards ]
>
> I have a simple solution to that problem. Unencrypted pop* and imap
> are simply blocked at the firewalls and ONLY pop3s and imaps (ports 993 and
> 995) are allowed in.
I did that, when i was working in ISP, i've blocked unencrypted connections from
outside of my IP zone, and allowed ones only in
the zone of IP, so that my users could download their mail via dialup access/from
their offices and so on, but, being in travel,
they should have been switch to secured session, or unable to download their mail.
The solution was working well.
--
Pavel
Information Security Officer of DeltaBank
ICQ UIN 39596913 8990192
Phone (7-095)-258-04-11 ext 1134
(7-095)-258-04-00 reception
