Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: pop before smtp ?

From: ChayoteMu <chayotemu () gmail com>
Date: Tue, 12 Jul 2005 20:23:56 -0700
This isn't as much a security viewpoint, but from a tech support
standpoint. I worked for a web hosting company that was, by my guess,
about 70% personal sites and the rest commercial ones (even though
they yelled louder) and we used pop before smtp. One of the biggest
e-mail issues we had were people not recieving e-mail before sending
it and wanting to know what was going on. Where I work now we use SASL
and it makes things a good deal easier because we know that's the
issue if they cannot send e-mail, with pop before smtp we had to
troubleshoot for a bit before we could determine that. Also keep in
mind if you make changes the average customer (at least by what I've
seen) won't notice until things break, then they'll be mad at you
(well the tech on the line) that it's broken. I've been a phone monkey
for a year and have to mention that. I do like the idea of using
either one and sending e-mails to the customers letting them know
you're switching to one of them in X amount of time, that way if they
don't the tech can feel better by telling the customer how many
e-mails were sent with explicit directions. :-D

On 12 Jul 2005 09:53:51 -0000, ss666 () ss666 ru <ss666 () ss666 ru> wrote:

I've made alot of mailservers, and if you want to improve security really good - use SSL with your own CA as the main 
authentication subroutine. There are many types of authentification in non-ssl mode, and - frequently speaking - 
they're all almost the same from a viewpoint of security. And when you'll use it with SSL - it will be mush easier 
for you, because at client side you don't need to change authentification type via SSL. At server side you'll need to 
integrate SSL software NOT as just tunneler, but as additional verification tokens provider( i.e. OU, CN, ... ). Add 
theese tokens to your existing client entities database - and be fine. What SSL software you should use - it's a 
question of taste... I'm using OpenSSL + modified Stunnel, and it works pretty fine.




-- 
ChayoteMu

"To catch a thief, think like a thief. To catch a master thief, be a
master thief."
Previous By Date Next
Previous By Thread Next

Current thread: