vanilla imap is an insecure protocol, unless you only run it in secure mode (imaps, port 993). If anyone sniffs your regular unencrypted imap traffic they will not only be able to intercept your email, but possibly to login to your account (e.g. if you have ssh enabled and are only requiring password authentication (another good reason to require key authentication)). This does not apply if the account does not allow remote logins (e.g. cyrus imap).
I HIGHLY recommend that if you access imap to a login account over the internet that you run it in secure mode, tunnel it over ssh, or in some way secure it. ***Note that this applies to squirrelmail over regular http too***. You should only run squirrelmail over secure http (https). On our server we do not allow squirrelmail to be accessed via http, only https. --Eric -- Eric Jeschke http://cs.uhh.hawaii.edu/~jeschke On Thu, 26 Sep 2002 [EMAIL PROTECTED] wrote: | From: Jim <[EMAIL PROTECTED]> | To: [EMAIL PROTECTED] | Subject: Re: [luau] Multiple E-Mail Accounts in KMail | | I used IMAP for years on Win with Pine,but shopping for a new ISP | (Big Island)I found very few will allow it; most claim security...they | don't want you logged on to the mail server.Even my old ISP Aloha.net | changed things and made it very painful to use IMAP,if you were reading | for a period the server would break connection,although POP3 was fast | and friendly.Mozilla supports IMAP. | | Eric Hattemer wrote: | > Any email client should put imap accounts into separate folders. I know | > OE, NS, eudora, kmail, evolution all do. See if your mail servers | > support imap. Its a neat protocol, and most mail providers prefer you | > to use it. ----snip----