Re: Please Make PowerMail a Good Security Player
On Sat, Nov 20, 2004, PowerMail discussions wrote: Robert Snyder wrote: If PowerMail supported CRAM-MD5 and/or Kerberos, it would be an acceptable mail client. PowerMail automatically use CRAM-MD5, if the server supports it, for SMTP authentication. It uses plain text authentication only if the server does not tell it supports CRAM-MD5. Jérôme, This is wonderful news. And the proof is in my server's SMTP logs: Nov 20 17:25:25 mitwc67 postfix/smtpd[16155]: 1CB363FE7B9: client=pool- 141-158-216-4.alt.east.verizon.net[141.158.216.4], sasl_method=CRAM-MD5, sasl_username=rns3 I only wish that is was mentioned somewhere in the documentation. I feel much better about using and recommending PM; however, I would still like it if you could Please add the support SSl SMTP on Panther Server. Is there any chance that you can change the SSL SMTP support to also include port 25 using the STARTTLS command? Since Panther server release there have been a number of requests made to this list for that support. Thank You for correcting my error. Robert Robert Snyder, Director World Campus Data Management Services The Pennsylvania State University 105 Mitchell Building University Park PA 16802 Phone: 814-865-0912 Fax: 814-865-4406 E-mail: [EMAIL PROTECTED] URL: http://www.worldcampus.psu.edu
Re: Please Make PowerMail a Good Security Player
Dr Dave wrote on Sat 20 Nov 2004 at 12:22 -0800 it might let any crook gain access to all of your communications, and even impersonate you. Like say to get your banking passwords. Jings, that explains all that phishing that goes on then... I don't think. -- David Gordon
Re: Please Make PowerMail a Good Security Player
Sure, unencrypted email is insecure. But is it reasonable to have to send an unprotected email password to get to the secure level? That's not just about the content of your outgoing emails, it might let any crook gain access to all of your communications, and even impersonate you. Like say to get your banking passwords. in reply to ([EMAIL PROTECTED]), David Gordon's message of 11:30 AM, 11/20/04 I thought it was a Well Know Fact that email is insecure and you should never write anything in an email which you wouldn't on a postcard.
Re: Please Make PowerMail a Good Security Player
Robert Snyder wrote on Sat 20 Nov 2004 at 11:58 -0500 Please Make PowerMail a good security player before I am forced to move on to another, more secure mail client! I thought it was a Well Know Fact that email is insecure and you should never write anything in an email which you wouldn't on a postcard. If security is such a Big Issue why not make your user connect over VPN? Or what other email clients do you have in mind? -- David Gordon
Re: Please Make PowerMail a Good Security Player
Robert at [EMAIL PROTECTED] said on 20/11/04 4:58 pm The Sys Admin side of me wants to ban the use of PowerMail (until it can support either encrypted SMTP passwords or SSL SMTP using STARTTLS on port 25). Just as an aside, what would you use instead? Cheers -- Derry Thompson g l o d e r w o r k s | Design - Hosting - Programming http://www.gloderworks.com [EMAIL PROTECTED] + 44 (0) 1562 631430 t + 44 (0) 7976 802487 m
Re: Please Make PowerMail a Good Security Player
Robert Snyder said: This means that I must allow my users to send their system passwords over the network in the clear if they want to use PowerMail as their mail client. Robert, I was not aware of this as I haven't investigated PowerMail in that department. However, I too would hesitate to recommend PM to clients and friends alike, before this problem is given a solution. I'm so satsified with PM 5.1 from a mere user standpoint, that I think this issue should be way up there in the PowerMail to do list of CTM Dev. Let's hope CTM agrees. PM 5.1 | OS X 10.3.6 | Powerbook G4/400 | 768 MB RAM | 30 GB HD