Damon Muller wrote:
On Wed, Jan 17, 2001 at 02:31:17PM -0600, Ken Jones wrote:
Could you post a url to the fetchmail docs on ssh tunnel?
http://www.tuxedo.org/~esr/fetchmail/fetchmail-FAQ.html#K3
Or better yet post the startup line for tcpserver/vpopmail/ssh tunnel.
It's a
For the record on FreeBSD systems!
The use of DES/MD5 is controlled entirely by the crypt libraries. Vpopmail
doesn't control the use of DES/MD5 passwords. If you dig through the source
you can see that it sends the entire crypted password as the crypt key. ie..
crypt( 'joeblow',
Using stunnel:
stunnel -d 995 -r localhost:pop3 -p /usr/local/etc/stunnel.pem
Change the last argument to the path your private key/cert PEM file.
Only downside is your pop3 logs now show the logins from 127.0.0.1.
Ken Jones writes:
Thanks. I'm reading the url now.
I think I confused
On Wed, Jan 17, 2001 at 02:31:17PM -0600, Ken Jones wrote:
Could you post a url to the fetchmail docs on ssh tunnel?
http://www.tuxedo.org/~esr/fetchmail/fetchmail-FAQ.html#K3
Or better yet post the startup line for tcpserver/vpopmail/ssh tunnel.
It's a per-user thing, not a change to the
- Original Message -
From: "Matt Simerson" [EMAIL PROTECTED]
To: "'Tim Hassan'" [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Tuesday, January 16, 2001 9:18 PM
Subject: RE: vchkpw lacking authentication security
I can't see how that could possibly be construed as
Damon Muller wrote:
On Tue, Jan 16, 2001 at 06:08:56AM +, Tim Hassan wrote:
No matter how long you set the password to when adding a new user, only the
first 8 characters of the password are used. So for example, if I do:
./vadduser [EMAIL PROTECTED]
On Tue, Jan 16, 2001 at 06:08:56AM +, Tim Hassan wrote:
No matter how long you set the password to when adding a new user, only the
first 8 characters of the password are used. So for example, if I do:
./vadduser [EMAIL PROTECTED] this-is-hard-to-guess-234234235-23423
and then I
I can't see how that could possibly be construed as a security drawback. POP
is inherently insecure in the first place (sending clear text passwords
across the net) and password sniffing is much more of a problem (and the
easiest way to collect passwords) than people cracking passwords.
So,
Damon Muller [EMAIL PROTECTED] writes:
This is standard Unix crypt behaviour. Unless you are using MD5
passwords on your system (or Blowfish, I believe, on OpenBSD), then
your system accounts will show the same behaviour.
There is probably a way to force vpopmail to use MD5 if the system
