On Sun, Nov 04, 2018 at 05:38:42AM -0700, Todd C. Miller wrote:
> On Sun, 04 Nov 2018 12:26:27 +0100, Walter Alejandro Iglesias wrote:
> 
> > I've been assuming that running pop3d(8) from ports, listening in 995
> > only and with 110 port firewalled my passwords aren't traveling in plain
> > text.  Am I assuming right?
> 
> Port 995 is pop3 protocol over TLS/SSL so that should be safe enough.

Then, as an idea for Peter,

Some time ago I sent a patch to Sunil Nimmagadda to allow pop3d to read
an optional certs location; he corrected and committed the patch.  On
that occasion he mentioned to me that he wasn't hacking pop3d anymore
since he himself stopped using it because he considered it severely
limited.  Personally I like simplicity, I still use pop3d(8) but I'm not
a developer, I'm not skilled enough to hack it and maintain it.

If Peter is willing, perhaps pop3d(8) could be a good starting point.

If allowing pop connections by default through port 110 is not desirable
perhaps it would be fine to implement a TLS-only pop3 daemon
(deliberately refusing non-TLS connections over 110).  In case this is
possible, that would be a fine, simple and secure pop3 daemon for OpenBSD
base.

> 
>  - todd

        Walter
