On Wednesday 01 December 2004 06:46 am, Andreas Barth wrote:
> * Ron Johnson ([EMAIL PROTECTED]) [041201 12:40]:
> > On Wed, 2004-12-01 at 22:25 +1100, Matthew Palmer wrote:
> > > On Wed, Dec 01, 2004 at 05:17:33AM -0600, Ron Johnson wrote:
> > > > On Wed, 2004-12-01 at 11:04 +0000, Steve McIntyre wrote:
> > > > > So, let me get this straight - fakepop will allow people to log
> > > > > in (using their username and password) in the clear and THEN tell
> > > > > them that they should have used POP over SSL instead. Quite how
> > > > > is this better than "connection refused"?
> > > >
> > > > Read the description:
> > > > "You can customize messages in /etc/fakepop/ directory to teach
> > > > your users how they should configure their mail clients to use
> > > > pop3-ssl instead of pop3"
> > >
> > > So I can put "All your mail is belong to us" in my /etc/fakepop/
> > > directory, so that people know that their passwords *have* been
> > > successfully sent in the clear before being told to reconfigure their
> > > mail client? Well, *I'm* comforted.
> >
> > But since the password isn't valid, does it make much difference?
> >
> > For example, my pop3 password isn't the same as my GnuPG passphrase.
>
> Well, but the probability that users who mis-use pop3 instead of
> pop3-ssl use their pop3-ssl password for pop3 is quite high.
>
>
> Cheers,
> Andi

Your informational message that says how to connect to the pop3-ssl server could also suggest that the user change his or her password.

Josh