I try to give some short statements on that topic.
qmail-popup supports APOP as its only secure authentication method,
Courier's pop3d supports SASL like CRAM-MD5 but no APOP. If
authenticating via vchkpw, CRAM-MD5 can't be used.
As someone asked in the courier-imap mailinglist for APOP the answer
was: "APOP is obsolete". That's true, but APOP is used by many.
But there are many losy POP3 clients that support only APOP or CRAM-MD5
as secure authentication methods. AFAIK Eudora speaks CRAM-MD5 but no
APOP, some versions of OE (maybe not all?) do the opposite.
Please don't throw in POP3 over SSL as an alternative, as client support
is even worse than with APOP or CRAM-MD5.
Does someone have a pointer to a mail client comparison chart showing
their support for secure authentication methods.
As a company providing POP3 service I can not force our customers to
change there favourite client.
I think, a modern POP3 server SHOULD support both APOP and SASL.
Is anybody out there (except Vladimir) who agrees?
Many users patch qmail-smtpd to have SMTP_AUTH. Does nobody patch
qmail-popup, to have CRAM-MD5? Don't you need it?
I'm curently running qmail 1.03 and the outdated vpopmail 5.2.1 with the
patches from Bill's site (shupp.org) provided by Vladimir. I have
SMTP_AUTH and SMTP-after-POP3, I have APOP and CRAM-MD5 and it works
fine. Before you say "then shut up and stay with it" (well, you are
right), current vpopmail has some nice features and the promised version
5.4 is something I want to use.
I don't want to offend anybody. I just have the need to read your
zeitform Internet Dienste Fraunhoferstrasse 5
64283 Darmstadt, Germany
http://www.zeitform.de Tel.: +49 (0)6151 155-635
mailto:[EMAIL PROTECTED] Fax: +49 (0)6151 155-634
GnuPG/PGP Key-ID: 0x613C21EA