On Fri, 3 Dec 1999, Boris Singerman wrote:
> >From the discussion that was on this list a couple of days ago I
> understood that most clients using POP3 protocol (like Netscape's
> Messenger for example) send password in clear-text.
> Is it right ?! ( scaring ... )
it is. the linux-security list had a discusion on this a few weeks back
(2-3) if you dig the archives. basicly there's SSLpop but Outlook is one
of the only clients that supports it I think, and then there is Eudora
which has APOP. my solution is qmail-popper (since I use pure Qmail
whenever I can anyway) which is the easiest to set up with any source of
authentication, and simply give a different password to the person
pulling mail, so he doesn't use the same one he uses to login through
SSH.
if all your home users are a bit technical, you could have them install
ssh to do port redirection (availablee also for win32 I believe) and
poll POP through the ssh tunnel. quickest hack I can think of.
> ( If there are Netvision employees on this list I would like to hear
> what they have to say about email service that Netvision provides
> and how secure it is )
I don't think any ISP in the world (not just Israel) can allow himself
to implement this by default to everybody, as it will break
compatabilities. but perhaps some of them offer it as a special service.
--
Ira Abramov ; whois:IA58 ; www.scso.com ; all around Linux enthusiast
"Problem solving under linux has never been the circus that it is under
AIX."
(By Pete Ehlke in comp.unix.aix)
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
