ignoring the question of whether or not this should be supported,
there seem to be a few things to do if you do support it. for one
thing, don't expose plaintext reusable passwords. use something
like APOP or KPOP or one-time passwords for authentication to
the pop server.
-paul
"Watson, Peter" <[EMAIL PROTECTED]> on 06/14/2000 10:39:01 AM
>
> Does anybody have any comments, anecdotes, experiances with allowing the
> POP3 service through a firewall. The proposed solution would be to allow
> encrypted email go through a POP3 service as part of an overall EDI
> solution.
>
> 1. Currently we only allow the SMTP service on a corporate basis.
>
> 2. 18 months ago we revised the firewall ruleset when we changed
> firewalls to specifically disallow the
> POP3 service due to abuse by internal staff members.
>
> 3. My opinion is that we are a business and not an ISP so we shouldn't
> allow the POP3 service.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
