On Wed, Nov 21, 2001 at 12:58:57PM +0100, Peter Palmreuther wrote: > >> But how would you tunnel a POP3 request through SSH?
> LEM> ssh remote_user@remote_host -L 7485:remote_host:110
> LEM> and enter "localhost port 7485" as POP3 server in you mail
> LEM> client. 7485 can be any number, btw.
> Absolutely correct! And where is the point I need SSH support in TB!?
You don't _need_ it. Would be more convenient if TB! included a
scaled-down ssh client, point.
You don't _need_ SSL support in TB! either. ssltunnel anyone?
> (how many people do you know being able to POP their mailbox this
> way [in % of total known e-mailing people]?).
Err... At least 80% (all people from the two colleges I'm involved in,
the people from a company I manage the IT system, the clients of my
ISP with webhosting. That several hundreds of people and I know only a
dozen or so outside of these). But then, OK, maybe I'm not the typical
user.
> LEM> communication is encrypted between you and sshhost, but not between
> LEM> sshhost and pophost (if they are different).
> And there my next problem is: a small ISP would have POP & Shell
> (e.g. for WebSpace) maybe located on one machine so this is a
> secure way. A big one will have at least and minimum two machines
> for this two very different things (just for security reasons). So
> my security introduced by a SSH secured line shrinks.
I'm not sure of that. The link between the SSH host and the POP host
will be through the provider's localnet. If you don't trust the
provider's localnet, you are screwed anyway, even with SSL or
direct-to-pop-host-ssh, because of the _arrival_ of the mail (SMTP)!
--
Lionel Elie Mamane
OpenPGP DH/DSS 4096/1024 Key Fingerprint (KeyID: 3E7B4B73):
9DAD 3131 3ADA F50B D096 002A B1C4 7317 3E7B 4B73
msg30551/pgp00000.pgp
Description: PGP signature
