At 11:12 AM +0100 2/23/02, Torbjorn Astlind wrote: >Hello, >I want to open up for users external to our domain to use Eudora 5.1 >only with POP-TLS/SSL. I do not want to open up for nonencrypted >POP. All popusers use APOP from within the domain. >Please can someone give me a hint how to achive this. >Do I have to use alternat port and a firewall filter to pass the >alternate port only? >Thanks for any help and advice, >Torbjörn
Since Eudora supports STLS, there is no need to use an alternate port. You can enable both TLS/SSL and APOP in the same Qpopper. with clear-text-passwords set to TLS, users will have to use either APOP or TLS to connect. However, this would permit external users to use APOP instead of TLS. While this protects passwords, mail contents are still sent in the clear. To prevent this, you'd need to run two instances of Qpopper, one for internal users and one for external. The internal one could support both APOP and TLS (STLS), while the external one should support TLS (STLS) but not APOP, thus forcing external users to use TLS.
