* Per-Fredrik Pollnow <[EMAIL PROTECTED]> [010726 09:40]:
> I have been looking around on the Inet to see if I could find anything
> about how I secure qmail pop3 service, but I don't have a ??? and I don't
> find a ???..
> I was wondering if anyone have some good ideas what to use or where I can
> find some information about securing qmail pop3 etc. (Right now I'm using
> qmail-pop3d on OpenBSD).
[Please wrap your lines so that I don't have to]
qmail-pop3d is secure. However, POP isn't secure, as the passwords are
sent in clear text... But qmail-pop3d can use APOP (a basic challenge-
response mechanism) if configured with a matching checkpassword. But even
with APOP, a man-in-the-middle attack is possible...
POP over SSL is one possible solution... One way to accomplish this is by
using "stunnel".
-Johan
--
Johan Almqvist
http://www.almqvist.net/johan/qmail/
PGP signature
