On Tue, 27 Nov 2001, Johannes Verelst wrote: > Well ... if you consider IMAP insecure, what protocol do you consider > secure? What is your definition of secure protocols? Reading mail through > pine & telnet is insecure, pop3 is insecure, webmail through unencrypted > HTTP is insecure, IMAP is insecure. > > The idea of SquirrelMail is that it connects to an IMAP server at > 'localhost' (at least, that is what I presume. I tried horde/imp once and > it did exactly that). If you configure your IMAP server that it only > listends on 'localhost', you are safe for the mail part. Ofcourse, you'll > be needing SSL over HTTP to be sure that password & email remain > protected.
I consider IMAP insecure, however, I run Squirrel mail on the same machine I have the mail server on and while I am running IMAP I simply firewall it's services so that no one may access it external to the server and allow Squirrel mail to access IMAP internal (no further configuration). This allows you to run IMAP and Squirrel mail so that IMAP isn't going to get exploited... You are left with the plain text username/password vulnerable combo - yes but this is a general norm considering other mail protocols. Yea, SSL for it would be great. I heard about tests with Squirrel mail and SSL but nothing concrete - this is probably one of the main problems with it's security. Just my $0.02 centavos. Travis =-=[Travis Ogden]-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= ICQ UIN: #30220771 "Courage is not defined by those who AIM ID: Gen2600 fought and did not fall, but by those Email: who fought, fell, and rose again." [EMAIL PROTECTED] Website: http://www.FreeBSDFoo.com/~traviso =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=