I've experimented. I've read the FAQ. I've browsed the 
manual. I've googled. I've noticed the list-archive isn't 
searchable. I give up.

 How can I make qpopper reject cleartext passwords except
when in a TLS session?

TLS is working:

  Mar  4 16:24:20 nynaeve in.qpopper[24178]: (v4.0.3) 
TLSv1/SSLv3 handshake with client at eddy.klopper.net 
(192.168.1.4); ew session-id; cipher: RC4-SHA (RC4-SHA SSLv3 
Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1), 128 bits

However, it still allows:

root@sarucity:/etc# telnet nynaeve 110
Trying 192.168.1.2...
Connected to nynaeve.klopper.net.
Escape character is '^]'.
+OK Qpopper (version 4.0.3) at nynaeve.klopper.net starting.  
USER eddy
+OK Password required for eddy.
PASS mypasswordhere
+OK eddy has 0 visible messages (0 hidden) in 0 octets.

Not good.

My /etc/qpopper.cfg says

  set clear-text-password = tls     <-- PLEASE OBSERVE!
  set tls-support = stls

My /etc/inetd.conf is set up as follows:

  pop-3  stream  tcp  nowait  root  /usr/sbin/tcpd \
  /usr/sbin/in.qpopper -f /etc/qpopper.conf

What gives?

-- 
"That which does not kill me, simply postpones the 
inevitable."
Eddy L O Jansson   |   http://gazonk.org/~eloj
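
Added example, not part of the original post: a small check that the file passed with `-f` on the inetd line is the same file that carries the `clear-text-password` setting, run over the two snippets as posted. The function names are hypothetical, and the sample text is copied from the post with the "PLEASE OBSERVE" annotation dropped.

```python
import shlex

# Snippets as posted above; the file names are the ones the post gives.
INETD_CONF = """\
pop-3  stream  tcp  nowait  root  /usr/sbin/tcpd \\
  /usr/sbin/in.qpopper -f /etc/qpopper.conf
"""
EDITED_FILE = "/etc/qpopper.cfg"
EDITED_TEXT = """\
set clear-text-password = tls
set tls-support = stls
"""

def loaded_config_path(inetd_text, daemon="in.qpopper"):
    """Return the path given with -f on the daemon's inetd line, or None."""
    joined = inetd_text.replace("\\\n", " ")      # fold continuation lines
    for line in joined.splitlines():
        fields = shlex.split(line.split("#", 1)[0])  # drop inetd comments
        if not any(f.endswith(daemon) for f in fields):
            continue
        if "-f" in fields[:-1]:
            return fields[fields.index("-f") + 1]
    return None

def parse_settings(cfg_text):
    """Parse 'set name = value' lines into a dict of lowercase strings."""
    settings = {}
    for line in cfg_text.splitlines():
        line = line.strip()
        if line.lower().startswith("set ") and "=" in line:
            name, value = line[4:].split("=", 1)
            settings[name.strip().lower()] = value.strip().lower()
    return settings

def audit(inetd_text, edited_path, edited_text):
    """List mismatches between what the daemon loads and what was edited."""
    findings = []
    loaded = loaded_config_path(inetd_text)
    if loaded is None:
        findings.append("no -f option on the inetd line")
    elif loaded != edited_path:
        findings.append(f"daemon loads {loaded}, settings are in {edited_path}")
    if parse_settings(edited_text).get("clear-text-password") != "tls":
        findings.append("clear-text-password is not set to tls")
    return findings

if __name__ == "__main__":
    for finding in audit(INETD_CONF, EDITED_FILE, EDITED_TEXT):
        print("FINDING:", finding)
```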

