Hello X-Istence,

Saturday, May 22, 2004, 11:06:33 PM, you wrote:

XI> -----BEGIN PGP SIGNED MESSAGE-----
XI> Hash: SHA1

XI> Your first message, which started this flamewar.

>> <snip>
>>
>> Roy,
>>
>> In the OLD days, people were happy with SMTP-Auth.  I consider it LESS
>> security as SMTP after POP, because with SMTP-Auth, You sent Your
>> e-mailadress and Your password of Your mailbox over the internet.
>> When a man-in-the-middle catch this e-mail (or worse Your PW), he can
>> use it for spam, or access Your mailbox.

XI> Well, considering you send your entire email over the line to get access
XI> to pop, this claim is not true. Just thought id bring this up, as
XI> everywhere else you are suggesting that it is not true that you said that.

XI> Hell, pop3-ssl would be the same as smtp-ssl both would allow secure
XI> authentication.

XI> SMTP after POP is a pain, and it doesnt help against these so called man
XI>  in the middle attacks. Unless off course you would also provide a patch
XI> to make it pop3-ssl, in which cause the next thing you say would be a
XI> better solution.

>>
>> I suggest You use: SHUPP's version with netqmail like :
>>
>> fetch http://www.qmail.org/netqmail-1.05.tar.gz
>> tar xzvf netqmail-1.05.tar.gz.tar
>> cd netqmail-1.05
>> ./collate.sh
>>
>> # patch with Shupp's TLS and SMTP-Auth
>> fetch
>> http://shupp.org/patches/netqmail-1.05-tls-smtpauth-20040207.patch
>> patch < ./netqmail-1.05-tls-smtpauth-20040207.patch
>>

XI> So now that we have smtp-ssl, or smtps, how is SMTP after POP still more
XI> secure? Why not just start an SSL connection and then auth with SMTP? I
XI> dont see a difference at all. You brough POP in for no apperant reason
XI> at all. Hell, id rather use SMTP auth than first pop and then sending
XI> the mail, as its a pain in the ass to configure most mail clients to do
XI> POP before SMTP.

>> certificate:
>>
>> You can copy thoses (extension .pem) from :
>> freeBSD, vpopmail stuff
>> cd /var/qmail/control
>> cp /usr/local/cert/ipop3d.pem servercert.pem
>> ln -s servercert.pem ./clientcert.pem
>>

XI> Breached# ls /usr/local/cert/ipop3d.pem
XI> ls: /usr/local/cert/ipop3d.pem: No such file or directory

XI> hrm, thats FreeBSD BTW.

>> Activate TLS by create a certificate, and You will be much better off
>> to create an encrypted connecton to Your SMTP server by the SMTP Enc
>> smtps           465/tcp    #smtp protocol over TLS/SSL (was ssmtp)
>> smtps           465/udp    #smtp protocol over TLS/SSL (was ssmtp)
>>
>> <snip 500 million line sig>

XI> X-Istence

XI> -----BEGIN PGP SIGNATURE-----
XI> Version: GnuPG v1.2.4 (FreeBSD)
XI> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

XI> iD8DBQFAr8DYJukONu5DUaQRAt+1AJ4rE88Og4vvjtJmrr6an0jCZYrduwCgk1C5
XI> WKsxNOR6msDCJFK7wwaboqs=
XI> =vm3x
XI> -----END PGP SIGNATURE-----

'SMTP after POP' is a technique.  I clearly stated to do POP3-SSL, to
have afterwards a 'SMTP after POP' functionality.  You authenticate
completely with encruption, You get the smtp server open due to Your
authentication for several minutes (for Your IP, if You wish), and You
have Your 'SMTP after POP'.  If I try to define it 'SMTP after
POP3_SSL', well we have a new definition.

You can take worsds out of the sentense, espescialy when someone
writes terrible English, like I do, but I really known every topic
what You mean.  First try to understand, and answer on the same road
I explained and not of the road.

And if some people start with flaming...  The flamewar did NOT start
with my message.  It started with Mr Doctor Hoffmans words, I quote  'troll'

Well if we You to the road of ego, I can put other things on the
table, but this serves not this list, and it was already a waste of
time.

This is my final answer, You can help out the guy with his problem.
I leave it all to You, nice guys.  I have a company to run.

-- 
Best regards,
 DEBO Jurgen
 mailto:[EMAIL PROTECTED]

--------------------------------------------------------------------------------------------
                 www.guide.be * www.gids.be * www.guide.fr * www.shop.fr
--------------------------------------------------------------------------------------------
         / \         sarl GUIDE (sdet)
         ---         the GUIDE, de GIDS, TELESHOP, SHOP
     __   |   __     128, rue du faubourg de Douai  
    |  /  |  \  |    FR-59000 Lille, La France
     / \  |  / \     TÚl/Fax +32 59 26.91.51 Mobile +32 479 212.841
 /|______\|/______|\ Site    http://sarl.guide.fr
 \|      /|\      |/ N░ TVA  FR-55.440.243.988    
    |\ /  |  \ /|    RC Lille 74075/2001B01478
    |__\  |  /__|    Siret 440 243 988 00027
          |          Compte BE: KREDBEBB (BIC) BE56.466-5571951-88 (IBAN)              
                 
         ---         Compte FR: CMCIFR2A (BIC) FR76.1562-9027-0200-0455-1870-127 (IBAN)
         \ /         Conditions (terms): http://sarl.guide.fr/conditions.php  
--------------------------------------------------------------------------------------------
www.teleshop.fr * www.teleshop.be * www.teleshop.biz * www.teleshop.info * 
www.teleshop.name
--------------------------------------------------------------------------------------------

Reply via email to