Re: vchkpw lacking authentication security

2001-01-19 Thread James
Using stunnel:
    stunnel -d 995 -r localhost:pop3 -p /usr/local/etc/stunnel.pem
Change the last argument to the path to your private key/cert PEM file. Only downside is your pop3 logs now show the logins from 127.0.0.1.
Ken Jones writes:
> Thanks. I'm reading the url now.
>
> I think I confuse

FreeBSD Cryptography 101 - WAS - RE: vchkpw lacking authentication security

2001-01-19 Thread Joe Modjeski
For the record on FreeBSD systems! The use of DES/MD5 is controlled entirely by the crypt libraries. Vpopmail doesn't control the use of DES/MD5 passwords. If you dig through the source you can see that it sends the entire crypted password as the crypt key, i.e.
    crypt( 'joeblow', 'hJPcq6ffTNHuI

Re: vchkpw lacking authentication security

2001-01-19 Thread Ken Jones
Damon Muller wrote:
>
> On Wed, Jan 17, 2001 at 02:31:17PM -0600, Ken Jones wrote:
>
> > Could you post a url to the fetchmail docs on ssh tunnel?
>
> http://www.tuxedo.org/~esr/fetchmail/fetchmail-FAQ.html#K3
>
> > Or better yet post the startup line for tcpserver/vpopmail/ssh tunnel.
>
> It

Re: vchkpw lacking authentication security

2001-01-18 Thread Damon Muller
On Wed, Jan 17, 2001 at 02:31:17PM -0600, Ken Jones wrote:
> Could you post a url to the fetchmail docs on ssh tunnel?
http://www.tuxedo.org/~esr/fetchmail/fetchmail-FAQ.html#K3
> Or better yet post the startup line for tcpserver/vpopmail/ssh tunnel.
It's a per-user thing, not a change to th

vchkpw lacking authentication security

2001-01-18 Thread Tamer Hassan
To everyone on the vchkpw mailing list: If anyone knows of a way to force vpopmail to use MD5, please let me know.

RE: vchkpw lacking authentication security

2001-01-17 Thread Matt Simerson
> -Original Message-
> From: Tamer Hassan [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, January 16, 2001 8:24 PM
> To: Matt Simerson
> Subject: Re: vchkpw lacking authentication security
>
> Dear Matt,
>
> Matt Simerson writes:
>
> > I can't se

Re: vchkpw lacking authentication security

2001-01-17 Thread Ken Jones
Damon Muller wrote:
>
> On Tue, Jan 16, 2001 at 06:08:56AM +, Tim Hassan wrote:
>
> > No matter how long you set the password to when adding a new user, only the
> > first 8 characters of the password are used. So for example, if I do:
> >
> > ./vadduser [EMAIL PROTECTED] this-is-hard-to-gue

Re: vchkpw lacking authentication security

2001-01-17 Thread Jesús Arnáiz
- Original Message -
From: "Matt Simerson" <[EMAIL PROTECTED]>
To: "'Tim Hassan'" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, January 16, 2001 9:18 PM
Subject: RE: vchkpw lacking authentication security
> I can'

Re: vchkpw lacking authentication security

2001-01-16 Thread Chris Shenton
Damon Muller <[EMAIL PROTECTED]> writes:
> This is standard Unix crypt behaviour. Unless you are using MD5
> passwords on your system (or Blowfish, I believe, on OpenBSD), then
> your system accounts will show the same behaviour.
> There is probably a way to force vpopmail to use MD5 if the syst

RE: vchkpw lacking authentication security

2001-01-16 Thread Matt Simerson
ED]; [EMAIL PROTECTED]
> Subject: vchkpw lacking authentication security
>
> Dear Inter7 Developer:
>
> I recently discovered the following security drawback in
> vpopmail with vchkpw authentication:
>
> No matter how long you set the password to when adding

Re: vchkpw lacking authentication security

2001-01-16 Thread Damon Muller
On Tue, Jan 16, 2001 at 06:08:56AM +, Tim Hassan wrote:
> No matter how long you set the password to when adding a new user, only the
> first 8 characters of the password are used. So for example, if I do:
>
> ./vadduser [EMAIL PROTECTED] this-is-hard-to-guess-234234235-23423
>
> and th

vchkpw lacking authentication security

2001-01-15 Thread Tim Hassan
Dear Inter7 Developer:
I recently discovered the following security drawback in vpopmail with vchkpw authentication:
No matter how long you set the password to when adding a new user, only the first 8 characters of the password are used. So for example, if I do:
    ./vadduser [EMAIL PROTECTE