Re: Please Make PowerMail a Good Security Player

2004-11-20 Thread Robert Snyder

On Sat, Nov 20, 2004, PowerMail discussions wrote:

Robert Snyder wrote:

If PowerMail supported CRAM-MD5 and/or Kerberos, it would be an
acceptable mail client.

PowerMail automatically use CRAM-MD5, if the server supports it, for SMTP
authentication. It uses plain text authentication only if the server does
not tell it supports CRAM-MD5.

Jérôme,

This is wonderful news.

And the proof is in my server's SMTP logs:

Nov 20 17:25:25 mitwc67 postfix/smtpd[16155]: 1CB363FE7B9: client=pool-
141-158-216-4.alt.east.verizon.net[141.158.216.4], sasl_method=CRAM-MD5,
sasl_username=rns3

I only wish that is was mentioned somewhere in the documentation.

I feel much better about using and recommending PM; however, I would
still like it if you could Please add the support SSl SMTP on Panther Server.

Is there any chance that you can change the SSL SMTP support to also
include port
25 using the STARTTLS command?

Since Panther server release there have been a number of requests made to
this list for that support.

Thank You for correcting my error.

Robert



Robert Snyder, Director
World Campus Data Management Services
The Pennsylvania State University
105 Mitchell Building
University Park  PA  16802
Phone: 814-865-0912  Fax: 814-865-4406
E-mail: [EMAIL PROTECTED]
URL: http://www.worldcampus.psu.edu






Re: Please Make PowerMail a Good Security Player

2004-11-20 Thread David Gordon

Dr Dave wrote on Sat 20 Nov 2004 at 12:22 -0800

it might let
any crook gain access to all of your communications, and even impersonate
you. Like say to get your banking passwords. 

Jings, that explains all that phishing that goes on then...

I don't think.
-- 
David Gordon






Re: Please Make PowerMail a Good Security Player

2004-11-20 Thread Dr Dave

Sure, unencrypted email is insecure. 
But is it reasonable to have to send an unprotected email password to get
to the secure level? 
That's not just about the content of your outgoing emails, it might let
any crook gain access to all of your communications, and even impersonate
you. Like say to get your banking passwords. 

in reply to ([EMAIL PROTECTED]), David Gordon's message of 11:30
AM, 11/20/04

I thought it was a Well Know Fact that email is insecure and you should
never write anything in an email which you wouldn't on a postcard.





Re: Please Make PowerMail a Good Security Player

2004-11-20 Thread David Gordon

Robert Snyder wrote on Sat 20 Nov 2004 at 11:58 -0500

Please Make PowerMail a good security player before I am forced to move
on to another, more secure mail client! 

I thought it was a Well Know Fact that email is insecure and you should
never write anything in an email which you wouldn't on a postcard.

If security is such a Big Issue why not make your user connect over VPN?

Or what other email clients do you have in mind?

-- 
David Gordon






Re: Please Make PowerMail a Good Security Player

2004-11-20 Thread Derry Thompson

Robert at [EMAIL PROTECTED] said on 20/11/04 4:58 pm

The Sys Admin side of me wants to ban the use of PowerMail (until it can
support either encrypted SMTP passwords or SSL SMTP using STARTTLS on
port 25).


Just as an aside, what would you use instead?

Cheers

--
Derry Thompson
g l o d e r w o r k s | Design - Hosting - Programming 
http://www.gloderworks.com
[EMAIL PROTECTED]
+ 44 (0) 1562 631430 t
+ 44 (0) 7976 802487 m








Re: Please Make PowerMail a Good Security Player

2004-11-20 Thread Mikael Byström

Robert Snyder said:

This means that I must allow my users to send their system passwords over
the network in the clear if they want to use PowerMail as their mail client. 

Robert, 
I was not aware of this as I haven't investigated PowerMail in that
department. However, I too would hesitate to recommend PM to clients and
friends alike, before this problem is given a solution.
I'm so satsified with PM 5.1 from a mere user standpoint, that I think
this issue should be way up there in the PowerMail to do list of CTM Dev.
Let's hope CTM agrees.

PM 5.1 | OS X 10.3.6 | Powerbook G4/400 | 768 MB RAM | 30 GB HD