> Looking through today's freshmeat, it occurred to me that it
> is very easy for someone with a *nix box to read everyone's
> email on a lan and get everyone's password as well. This
> doesn't really trouble me b/c I never write anything, well,
> that needs to be encrypted over e-mail. I know pgp is an
> option, but is there a way to configure sendmail so that
> even the password/username is encrypted during the pop3
> session? (I don't need all the details, I was just wondering
> if this was possible- this may become important to me
> *sometime* in the future.) i.e. is there a way to pgp
> encrypt the username and password and have sendmail decrypt
> it? I'm quite curious about this. Thanks.

You're a little confused -- sendmail doesn't have a notion of username and
password for anything -- at best it verifies through one of its rules
that the username portion of the address is valid on this system.

The Popper (ipop2d/ipop3d/qpopper) is what serves POP mail, and it's got a
tiny bit more security using the APOP mechanism. It doesn't, however,
use SSL (secure sockets layer) where everything is encrypted
point-to-point -- this is probably pretty trivial to include, it's just
like setting up a secure web server. Except in this case you've got to
hack the code to both the server and client to include the SSL mechanisms
to {en,de}crypt packets.

Same with IMAP -- passwords are sent plaintext when the user goes to read
their mail. If you read your mail on the mail host, via a "local"
mechanism (basically it just opens the mail spool file that the mail
delivery agent delivers to), then you don't have to authenticate
after getting on the system.

Another option is to use an ssh redirect, where

    HOST A              INTERNET                HOST B
-------------       ---------------       ----------------
 You're here
 POP Client
      |
      v
 POP redirect  ---secure channel--->      Real POP Server
   via SSH                                   SSH port
                                                |
                                                v
                                            POP Server

_____________________ _ _ _________________________
Michael Rice |_| Collective |_| http://www.colltech.com
[EMAIL PROTECTED] |_ Technologies _| 8007598888/8019292 pager
Consultant [] [] "The Power Of Many Minds"
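
Added example, not part of the original message: a Python sketch of the APOP exchange mentioned in the reply, following RFC 1939, with the client refusing to fall back to cleartext USER/PASS. The greeting, user name and shared secret are the sample values from RFC 1939's own example; the function names are illustrative.

```python
import hashlib
import hmac
import re

# RFC 1939: an APOP-capable server puts a unique <process.clock@host>
# timestamp in its greeting; the client hashes it with the shared secret.
_STAMP = re.compile(r"<[^<>\s]+@[^<>\s]+>")

def extract_timestamp(greeting):
    """Return the timestamp banner, or None if the server offers no APOP."""
    if not greeting.startswith("+OK"):
        return None
    match = _STAMP.search(greeting)
    return match.group(0) if match else None

def apop_digest(timestamp, secret):
    """MD5 over timestamp banner + shared secret, as lowercase hex."""
    return hashlib.md5((timestamp + secret).encode("utf-8")).hexdigest()

def client_command(greeting, user, secret):
    """Build the APOP line; refuse rather than send USER/PASS in the clear."""
    stamp = extract_timestamp(greeting)
    if stamp is None:
        raise RuntimeError("no APOP timestamp in greeting; not sending password")
    return "APOP %s %s" % (user, apop_digest(stamp, secret))

def server_verify(issued_stamp, line, secrets):
    """Check an APOP line against the timestamp issued for this session."""
    parts = line.split()
    if len(parts) != 3 or parts[0].upper() != "APOP":
        return False
    secret = secrets.get(parts[1])
    if secret is None:
        return False
    expected = apop_digest(issued_stamp, secret).encode("utf-8")
    return hmac.compare_digest(expected, parts[2].lower().encode("utf-8"))

# Sample values taken from the example in RFC 1939.
GREETING = "+OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>"
SECRETS = {"mrose": "tanstaaf"}

if __name__ == "__main__":
    line = client_command(GREETING, "mrose", SECRETS["mrose"])
    print(line)
    print(server_verify(extract_timestamp(GREETING), line, SECRETS))
    # A response captured from one session fails against a new timestamp.
    print(server_verify("<1897.697170999@dbc.mtview.ca.us>", line, SECRETS))
```

APOP only keeps the password itself off the wire; the messages retrieved afterwards still cross the network unencrypted, which is the gap the SSL and ssh approaches in the reply address.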