Re: POP3 risk over the internet

From: Bernie Cosell (bernie@fantasyfarm.com)
Date: 12/17/01


From: Bernie Cosell <bernie@fantasyfarm.com>
Date: Mon, 17 Dec 2001 07:09:05 -0500

those who know me have no need of my name <not-a-real-address@usa.net>
wrote:

} <3C1D6482.D4B204BE@earthlink.net> divulged:
}
} >The danger of POP3 is twofold - the first is that your clients will
} >be passing cleartext username/password across the Internet at large,
}
} this can be mitigated by setting the pop3 (and imap) connectors to
} disallow clear text unless ssl is used.

This is what we did on one system: we have an SSL-relay set up on the
"pops" port [I forget its number -- 993 or some such?] and have tcp-wrappers
set up so that the pop server *ONLY* listens to 'localhost'. Another
possibility [which we did on yet a different system] was to configure the pop
server so that it would *ONLY* do "apop". The latter is a more viable
option for general users [since setting up the shared-secret for 'apop' is
usually just a few mouse-clicks in most mail clients, but setting up the
outbound relay requires a bit more cluefulness], but both work...

  /Bernie\

-- 
Bernie Cosell                     Fantasy Farm Fibers
bernie@fantasyfarm.com            Pearisburg, VA
    -->  Too many people, too few sheep  <--          
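
The "apop"-only setup mentioned in the message above, worked through as an added example (not part of the original post and not any particular POP server's code). It shows both sides of the APOP exchange defined in RFC 1939: the client sends an MD5 digest of the greeting timestamp plus the shared secret, so the password itself never crosses the wire. The function names are hypothetical; the banner and secret are the sample values from RFC 1939.

```python
import hashlib
import hmac
import re

# The greeting carries a per-connection timestamp in msg-id form: <pid.clock@host>
TIMESTAMP_RE = re.compile(r"<[^<>\s]+@[^<>\s]+>")

def extract_timestamp(banner):
    """Return the <...> timestamp from the greeting, or None if APOP is not offered."""
    m = TIMESTAMP_RE.search(banner)
    return m.group(0) if m else None

def apop_digest(timestamp, secret):
    """MD5 over the timestamp (angle brackets included) followed by the shared secret."""
    return hashlib.md5((timestamp + secret).encode("utf-8")).hexdigest()

def client_command(banner, user, secret):
    """Client side: build the APOP line, refusing to fall back to cleartext USER/PASS."""
    ts = extract_timestamp(banner)
    if ts is None:
        raise ValueError("server greeting has no timestamp; APOP not available")
    return "APOP %s %s" % (user, apop_digest(ts, secret))

def server_verify(banner, command, secrets):
    """Server side of an APOP-only policy: anything but a valid APOP line is rejected."""
    parts = command.split()
    if len(parts) != 3 or parts[0].upper() != "APOP":
        return False                      # USER/PASS never accepted
    _, user, digest = parts
    secret = secrets.get(user)
    ts = extract_timestamp(banner)
    if secret is None or ts is None:
        return False
    expected = apop_digest(ts, secret)
    # Constant-time comparison of the two hex digests
    return hmac.compare_digest(expected.encode(), digest.lower().encode())

if __name__ == "__main__":
    # Sample values from RFC 1939, section 7
    banner = "+OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>"
    secrets = {"mrose": "tanstaaf"}       # server must hold the secret in recoverable form
    line = client_command(banner, "mrose", "tanstaaf")
    print("C:", line)
    print("accepted:", server_verify(banner, line, secrets))
    print("USER accepted:", server_verify(banner, "USER mrose", secrets))
```

APOP protects only the login: the mail itself still travels unencrypted, which is the part the SSL relay covers.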

