ARRGGHH - more database issues
OK-- After finally getting a new drive for my PB G4 (the internal had gone bad SMART status failing), I am tryign to get PM up and running again. I have downloaded and installed 5.1 and registered it. Then I copied over my powermail files and launched, holding down optapple to get the PM first aid. I checked all the options, and it ran through everything fairly successfully until it was almost done with Checking COnsistency... at which point it hung for a while and then gave me: An error occurred while opening user's files Uncaught exception type any help much appreciated. M
Re: Please Make PowerMail a Good Security Player
On Sat, Nov 20, 2004, PowerMail discussions wrote: Robert Snyder wrote: If PowerMail supported CRAM-MD5 and/or Kerberos, it would be an acceptable mail client. PowerMail automatically use CRAM-MD5, if the server supports it, for SMTP authentication. It uses plain text authentication only if the server does not tell it supports CRAM-MD5. Jérôme, This is wonderful news. And the proof is in my server's SMTP logs: Nov 20 17:25:25 mitwc67 postfix/smtpd[16155]: 1CB363FE7B9: client=pool- 141-158-216-4.alt.east.verizon.net[141.158.216.4], sasl_method=CRAM-MD5, sasl_username=rns3 I only wish that is was mentioned somewhere in the documentation. I feel much better about using and recommending PM; however, I would still like it if you could Please add the support SSl SMTP on Panther Server. Is there any chance that you can change the SSL SMTP support to also include port 25 using the STARTTLS command? Since Panther server release there have been a number of requests made to this list for that support. Thank You for correcting my error. Robert Robert Snyder, Director World Campus Data Management Services The Pennsylvania State University 105 Mitchell Building University Park PA 16802 Phone: 814-865-0912 Fax: 814-865-4406 E-mail: [EMAIL PROTECTED] URL: http://www.worldcampus.psu.edu
Re: Please Make PowerMail a Good Security Player
Dr Dave wrote on Sat 20 Nov 2004 at 12:22 -0800 it might let any crook gain access to all of your communications, and even impersonate you. Like say to get your banking passwords. Jings, that explains all that phishing that goes on then... I don't think. -- David Gordon
Re: powermail-discuss Digest #1977 - 11/20/04
On Sat, Nov 20, 2004, PowerMail discussions wrote: Robert at [EMAIL PROTECTED] said on 20/11/04 4:58 pm The Sys Admin side of me wants to ban the use of PowerMail (until it can support either encrypted SMTP passwords or SSL SMTP using STARTTLS on port 25). Just as an aside, what would you use instead? Derry, Our University has a site license for Eudora, so it is free for me to use. However, I use PowerMail for a number of reasons, not the lease of which is that PM adopted and delivered a stable OS X version much earlier that Eudora. Robert Robert Snyder, Director World Campus Data Management Services The Pennsylvania State University 105 Mitchell Building University Park PA 16802 Phone: 814-865-0912 Fax: 814-865-4406 E-mail: [EMAIL PROTECTED] URL: http://www.worldcampus.psu.edu
Re: Please Make PowerMail a Good Security Player
Sure, unencrypted email is insecure. But is it reasonable to have to send an unprotected email password to get to the secure level? That's not just about the content of your outgoing emails, it might let any crook gain access to all of your communications, and even impersonate you. Like say to get your banking passwords. in reply to ([EMAIL PROTECTED]), David Gordon's message of 11:30 AM, 11/20/04 I thought it was a Well Know Fact that email is insecure and you should never write anything in an email which you wouldn't on a postcard.
Re: Please Make PowerMail a Good Security Player
Robert Snyder wrote on Sat 20 Nov 2004 at 11:58 -0500 Please Make PowerMail a good security player before I am forced to move on to another, more secure mail client! I thought it was a Well Know Fact that email is insecure and you should never write anything in an email which you wouldn't on a postcard. If security is such a Big Issue why not make your user connect over VPN? Or what other email clients do you have in mind? -- David Gordon
Re: Please Make PowerMail a Good Security Player
Robert at [EMAIL PROTECTED] said on 20/11/04 4:58 pm The Sys Admin side of me wants to ban the use of PowerMail (until it can support either encrypted SMTP passwords or SSL SMTP using STARTTLS on port 25). Just as an aside, what would you use instead? Cheers -- Derry Thompson g l o d e r w o r k s | Design - Hosting - Programming http://www.gloderworks.com [EMAIL PROTECTED] + 44 (0) 1562 631430 t + 44 (0) 7976 802487 m
Re: Please Make PowerMail a Good Security Player
Robert Snyder said: This means that I must allow my users to send their system passwords over the network in the clear if they want to use PowerMail as their mail client. Robert, I was not aware of this as I haven't investigated PowerMail in that department. However, I too would hesitate to recommend PM to clients and friends alike, before this problem is given a solution. I'm so satsified with PM 5.1 from a mere user standpoint, that I think this issue should be way up there in the PowerMail to do list of CTM Dev. Let's hope CTM agrees. PM 5.1 | OS X 10.3.6 | Powerbook G4/400 | 768 MB RAM | 30 GB HD
Please Make PowerMail a Good Security Player
As both a system administer and a PowerMail user, I am at a cross roads with PowerMail. I have used PowerMail for over four years, purchasing upgrades as those have come up. I like it a lot. I have been pleased with the advances that PowerMail has made (the search engine and html rendering upgrades) and I like that PowerMail allows me to use plain text as my default for sending and receiving. However, as a system administrator, concerned about the security of my mail server, I am at my wits end with the how PowerMail handles Password Authentication of SMTP and SSL SMTP. Since most of my mail server users have laptops and they connect from a broad array of networks, I cannot nail down SMTP relay to just specific networks. I need to rely on Authenticated SMTP. PowerMail supports this, but only using unsecured, clear text passwords. This means that I must allow my users to send their system passwords over the network in the clear if they want to use PowerMail as their mail client. We have completely blocked all FTP traffic on our networks because of the clear-text password problem inherent with FTP. If PowerMail supported CRAM-MD5 and/or Kerberos, it would be an acceptable mail client. However, I could get over the clear text SMTP password authentication if only the SSL support was not limited to SSL on a separate port. I run OS X Server 10.3.6 on my mail server and have it configured for SSL on SMTP, POP, and IMAP. However, OS X Server 10.3.x and above support SSL on port 25 using the STARTTLS command. This means that my PowerMail users can encrypt the whole transaction including the password the send to retrieve mail from my POP and IMAP server, BUT they have to send their password in the clear when they send mail. The Sys Admin side of me wants to ban the use of PowerMail (until it can support either encrypted SMTP passwords or SSL SMTP using STARTTLS on port 25). The PowerMail side of me wants to give a blind eye to this security breach. I have over a gig of compressed mail messages in my current account, and have archived another gig. I love how fast I can search on my mail to find relevant messages. PowerMail Engineering, PLEASE help me out. I am guessing that updating the code to allow SSL SMTP using STARTTLS on port 25 is the easier of the two paths to being a good security player. It would also encrypt the whole SMTP transaction. It would also be my preference, but I would happily take CRAM-MD5 support on the password. Please Make PowerMail a good security player before I am forced to move on to another, more secure mail client! Sincerely, Robert Snyder PowerMail User and System Administrator Robert Snyder, Director World Campus Data Management Services The Pennsylvania State University 105 Mitchell Building University Park PA 16802 Phone: 814-865-0912 Fax: 814-865-4406 E-mail: [EMAIL PROTECTED] URL: http://www.worldcampus.psu.edu
