On Wed, Dec 01, 2004 at 05:17:33AM -0600, Ron Johnson wrote: > On Wed, 2004-12-01 at 11:04 +0000, Steve McIntyre wrote: > > pzn writes: > > >Package: wnpp > > >Severity: wishlist > > > > > >* Package name : fakepop > > > Version : 7 > > > Upstream Author : Pedro Zorzenon Neto <[EMAIL PROTECTED]> > > >* URL : http://vztech.com.br/software/fakepop/ > > >* License : GPL > > > Description : fake pop3 server to warn users that only pop3-ssl is > > > available > > > > > >fakepop is a fake pop3 daemon. It returns always the same messages to > > >all users, it does not care about usernames and passwords. All user/pass > > >combinations are accepted. > > > > > >Why use fakepop: the main purpose of fakepop is to advice users that > > >your server only accepts pop3-ssl and they have wrongly configured pop3 > > >without ssl. You can customize messages in /etc/fakepop/ directory to > > >teach your users how they should configure their mail clients to use > > >pop3-ssl instead of pop3 > > > > So, let me get this straight - fakepop will allow people to log in > > (using their username and password) in the clear and THEN tell them > > that they should have used POP over SSL instead. Quite how is this > > better than "connection refused"? > > Read the description: > "You can customize messages in /etc/fakepop/ directory to teach > your users how they should configure their mail clients to use > pop3-ssl instead of pop3"
But the password have already been sent in cleartext, hasn't it ? -- Finn-Arne Johansen [EMAIL PROTECTED] http://bzz.no/