pop3
Thought i'd ask what the general opinion is on the most secure pop3 daemon. I need to install a pop3 damon on my debian machine, but I wanted to get a good idea from you guys on which one to install. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: pop3
On Sun, Jul 29, 2001 at 02:13:17PM -0600, Moe Harley wrote: Thought i'd ask what the general opinion is on the most secure pop3 daemon. I need to install a pop3 damon on my debian machine, but I wanted to get a good idea from you guys on which one to install. Hi Moe, All POP3 services are not safe, because they send plain-text login and password. And your login/password could be the same of your shell acount, so people can sniff it and use it to telnet to your machine. You could try package qpopper that supports APOP autentication that does not send the password in plain text. It also suport to use diferent passwords for pop and shell services. after installing it, read man popauth and man popper. In this case, the client should also support APOP protocol. I don't know about ssh, but there should be some pop over ssh/ssl service that is safer. Another option could be installing a webmail service over https in this machine - but this is not a pop service; that's webmail. In this case, try imp and apache-ssl packages. I hope this will help you. Pedro -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: pop3
solid-POP3 has support for encryption on login (not sure about mail transfer). I haven't tried it out yet, but i know its there. Moe Harley wrote: Thought i'd ask what the general opinion is on the most secure pop3 daemon. I need to install a pop3 damon on my debian machine, but I wanted to get a good idea from you guys on which one to install. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: pop3
On Sun, Jul 29, 2001 at 02:13:17PM -0600, Moe Harley wrote: Thought i'd ask what the general opinion is on the most secure pop3 daemon. Here is one decent one: http://www.openwall.com/popa3d/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: pop3
On 20010729.2024, Pedro Zorzenon Neto said ... On Sun, Jul 29, 2001 at 02:13:17PM -0600, Moe Harley wrote: Thought i'd ask what the general opinion is on the most secure pop3 daemon. I need to install a pop3 damon on my debian machine, but I wanted to get a good idea from you guys on which one to install. I don't know about ssh, but there should be some pop over ssh/ssl service that is safer. I currently have fetchmail opening up a SSH tunnel, and get my mail via popa3d. I'll attach relavent scripts... /home/user/.fetchmailrc: --- poll cogit8.org via localhost protocol pop3 port 12574: preconnect ssh -C -f -L 12574:cogit8.org:110 cogit8.org sleep 10 password your_password; I guess that's it. This basically says, preconnect (do this before fetching mail) open a SSH channel from server cogit8.org port 110 to localhost port 12574 (arbitrary port number), wait 10 seconds for fetchmail to get in there. then, fetchmail on localhost port 12574. If the tunnel ends -- the 10 seconds is up, the tunnel will stay open until no more bits are flowing thru it. The password in the .fetchmailrc file is your pop/login password. It is sent encrypted since you tunnel it thru the SSH connection. One thing I did was put my identity.pub file in my ~/.ssh/authorized_keys file so that fetching my mail didn't require me to supply a password for SSH to open it's tunnel. Oh, and I chose popa3d simple because the email server at work used the same pop daemon. -Rob -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: pop3
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Pedro == Pedro Zorzenon Neto [EMAIL PROTECTED] writes: Pedro On Sun, Jul 29, 2001 at 02:13:17PM -0600, Moe Harley wrote: Thought i'd ask what the general opinion is on the most secure pop3 daemon. I need to install a pop3 damon on my debian machine, but I wanted to get a good idea from you guys on which one to install. Pedro Hi Moe, Pedro All POP3 services are not safe, because they send plain-text Pedro login and password. And your login/password could be the same of Pedro your shell acount, so people can sniff it and use it to telnet to Pedro your machine. It seems like you can do POP3 over SSL. I've never used it, but the sysadmins where I work are pretty anal about security (a good thing), and they just enabled POP3 and IMAP mail over SSL on the mail server. PS. Please wrap your lines at 72-ish characters. Hmm. I've seen a lot of mutt users with un-wrapped lines. I would've expected that from a GUI mail reader like Mozilla, but not from a proper mailreader like mutt. Anyone know why? - -- Hubert Chan [EMAIL PROTECTED] - http://www.geocities.com/hubertchan/ PGP/GnuPG key: 1024D/651854DF71FDA37F Fingerprint: 6CC5 822D 2E55 494C 81DD 6F2C 6518 54DF 71FD A37F Key available at wwwkeys.pgp.net. Please encrypt *all* e-mail to me. -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE7ZKbmZRhU33H9o38RApQcAKCkRd+Zn2geNVgo1I0MHKOcqPE3+QCdFN6a N91owkuJKT68lLbw52Zq75g= =6WAg -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: pop3
On Sun, Jul 29, 2001 at 06:14:49PM -0600, Hubert Chan wrote: PS. Please wrap your lines at 72-ish characters. Hmm. I've seen a lot of mutt users with un-wrapped lines. I would've expected that from a GUI mail reader like Mozilla, but not from a proper mailreader like mutt. Anyone know why? Probably because mutt uses an external editor, in my case vim. You have to add something like these lines to your ~/.vimrc for it to wrap automatically: augroup muttmail au! autocmd BufRead /tmp/mutt-* set textwidth=70 augroup END -- Adam Olsen, aka Rhamphoryncus -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: pop3
On Sun, Jul 29, 2001 at 06:14:49PM -0600, Hubert Chan wrote: PS. Please wrap your lines at 72-ish characters. Hmm. I've seen a lot of mutt users with un-wrapped lines. I would've expected that from a GUI mail reader like Mozilla, but not from a proper mailreader like mutt. Anyone know why? not configuring $EDITOR correctly. mutt doesn't have an editor, it uses vi, emacs or whatever you set $EDITOR to. for emacs add this to your ~/.emacs: (setq auto-mode-alist (cons '(/tmp/mutt* . auto-fill-mode) auto-mode-alist)) -- Ethan Benson http://www.alaska.net/~erbenson/ PGP signature
Re: pop3
PS. Please wrap your lines at 72-ish characters. Hmm. I've seen a lot of mutt users with un-wrapped lines. I would've expected that from a GUI mail reader like Mozilla, but not from a proper mailreader like mutt. Anyone know why? You have to set it manually, and a lot of people probably just don't know how. -- Andrew Sione Taumoefolau [EMAIL PROTECTED] http://users.pipeline.com.au/tonga/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
pop3
Thought i'd ask what the general opinion is on the most secure pop3 daemon. I need to install a pop3 damon on my debian machine, but I wanted to get a good idea from you guys on which one to install.
Re: pop3
On Sun, Jul 29, 2001 at 02:13:17PM -0600, Moe Harley wrote: Thought i'd ask what the general opinion is on the most secure pop3 daemon. I need to install a pop3 damon on my debian machine, but I wanted to get a good idea from you guys on which one to install. Hi Moe, All POP3 services are not safe, because they send plain-text login and password. And your login/password could be the same of your shell acount, so people can sniff it and use it to telnet to your machine. You could try package qpopper that supports APOP autentication that does not send the password in plain text. It also suport to use diferent passwords for pop and shell services. after installing it, read man popauth and man popper. In this case, the client should also support APOP protocol. I don't know about ssh, but there should be some pop over ssh/ssl service that is safer. Another option could be installing a webmail service over https in this machine - but this is not a pop service; that's webmail. In this case, try imp and apache-ssl packages. I hope this will help you. Pedro
Re: pop3
solid-POP3 has support for encryption on login (not sure about mail transfer). I haven't tried it out yet, but i know its there. Moe Harley wrote: Thought i'd ask what the general opinion is on the most secure pop3 daemon. I need to install a pop3 damon on my debian machine, but I wanted to get a good idea from you guys on which one to install. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: pop3
On 20010729.2024, Pedro Zorzenon Neto said ... On Sun, Jul 29, 2001 at 02:13:17PM -0600, Moe Harley wrote: Thought i'd ask what the general opinion is on the most secure pop3 daemon. I need to install a pop3 damon on my debian machine, but I wanted to get a good idea from you guys on which one to install. I don't know about ssh, but there should be some pop over ssh/ssl service that is safer. I currently have fetchmail opening up a SSH tunnel, and get my mail via popa3d. I'll attach relavent scripts... /home/user/.fetchmailrc: --- poll cogit8.org via localhost protocol pop3 port 12574: preconnect ssh -C -f -L 12574:cogit8.org:110 cogit8.org sleep 10 password your_password; I guess that's it. This basically says, preconnect (do this before fetching mail) open a SSH channel from server cogit8.org port 110 to localhost port 12574 (arbitrary port number), wait 10 seconds for fetchmail to get in there. then, fetchmail on localhost port 12574. If the tunnel ends -- the 10 seconds is up, the tunnel will stay open until no more bits are flowing thru it. The password in the .fetchmailrc file is your pop/login password. It is sent encrypted since you tunnel it thru the SSH connection. One thing I did was put my identity.pub file in my ~/.ssh/authorized_keys file so that fetching my mail didn't require me to supply a password for SSH to open it's tunnel. Oh, and I chose popa3d simple because the email server at work used the same pop daemon. -Rob
Re: pop3
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Pedro == Pedro Zorzenon Neto [EMAIL PROTECTED] writes: Pedro On Sun, Jul 29, 2001 at 02:13:17PM -0600, Moe Harley wrote: Thought i'd ask what the general opinion is on the most secure pop3 daemon. I need to install a pop3 damon on my debian machine, but I wanted to get a good idea from you guys on which one to install. Pedro Hi Moe, Pedro All POP3 services are not safe, because they send plain-text Pedro login and password. And your login/password could be the same of Pedro your shell acount, so people can sniff it and use it to telnet to Pedro your machine. It seems like you can do POP3 over SSL. I've never used it, but the sysadmins where I work are pretty anal about security (a good thing), and they just enabled POP3 and IMAP mail over SSL on the mail server. PS. Please wrap your lines at 72-ish characters. Hmm. I've seen a lot of mutt users with un-wrapped lines. I would've expected that from a GUI mail reader like Mozilla, but not from a proper mailreader like mutt. Anyone know why? - -- Hubert Chan [EMAIL PROTECTED] - http://www.geocities.com/hubertchan/ PGP/GnuPG key: 1024D/651854DF71FDA37F Fingerprint: 6CC5 822D 2E55 494C 81DD 6F2C 6518 54DF 71FD A37F Key available at wwwkeys.pgp.net. Please encrypt *all* e-mail to me. -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE7ZKbmZRhU33H9o38RApQcAKCkRd+Zn2geNVgo1I0MHKOcqPE3+QCdFN6a N91owkuJKT68lLbw52Zq75g= =6WAg -END PGP SIGNATURE-
Re: pop3
On Sun, Jul 29, 2001 at 02:13:17PM -0600, Moe Harley wrote: Thought i'd ask what the general opinion is on the most secure pop3 daemon. I need to install a pop3 damon on my debian machine, but I wanted to get a good idea from you guys on which one to install. Greetings, I use cucipop wrapped with SSL, using stunnel. On the client side this requires fetchmail-ssl. BTW, I don't normally store my password in the configuration file, but rather enter it interactively. Regards, Yotam Rubin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: pop3
On Sun, Jul 29, 2001 at 06:14:49PM -0600, Hubert Chan wrote: PS. Please wrap your lines at 72-ish characters. Hmm. I've seen a lot of mutt users with un-wrapped lines. I would've expected that from a GUI mail reader like Mozilla, but not from a proper mailreader like mutt. Anyone know why? Probably because mutt uses an external editor, in my case vim. You have to add something like these lines to your ~/.vimrc for it to wrap automatically: augroup muttmail au! autocmd BufRead /tmp/mutt-* set textwidth=70 augroup END -- Adam Olsen, aka Rhamphoryncus
Re: pop3
On Sun, Jul 29, 2001 at 06:14:49PM -0600, Hubert Chan wrote: PS. Please wrap your lines at 72-ish characters. Hmm. I've seen a lot of mutt users with un-wrapped lines. I would've expected that from a GUI mail reader like Mozilla, but not from a proper mailreader like mutt. Anyone know why? not configuring $EDITOR correctly. mutt doesn't have an editor, it uses vi, emacs or whatever you set $EDITOR to. for emacs add this to your ~/.emacs: (setq auto-mode-alist (cons '(/tmp/mutt* . auto-fill-mode) auto-mode-alist)) -- Ethan Benson http://www.alaska.net/~erbenson/ pgpJryxUPP8V8.pgp Description: PGP signature
Re: pop3
PS. Please wrap your lines at 72-ish characters. Hmm. I've seen a lot of mutt users with un-wrapped lines. I would've expected that from a GUI mail reader like Mozilla, but not from a proper mailreader like mutt. Anyone know why? You have to set it manually, and a lot of people probably just don't know how. -- Andrew Sione Taumoefolau [EMAIL PROTECTED] http://users.pipeline.com.au/tonga/