Firewall Wizards mailing list archives
Re: POP3 Security Issues
From: Nicholas Brawn <ncb () okugi com>
Date: Wed, 2 Dec 1998 19:33:27 -0600 (CST)
On Wed, 2 Dec 1998, Doug Hughes wrote:
Jason Axley wrote:As for Nicholas Brawn's question about other clients (including fetchmail), I don't know of any, but I haven't looked. Did you roll the SSL into qpopper yourself, or are patches readily available for that? Does it use SSLeay? I'm interested!
I must have missed Jason's earlier email. Yes it does use SSLeay, I wrote the patches myself, and best of all - i'm not located in the US. :) [snip]
I'm interested in the SSL -> qpopper integration as well. I hadn't seen this before.
The current implemenation of mine is very "hacky". I initially set it up so that the server listens for incoming SSL connections, and failing that, switches to a non-SSL connection. The problem with that is that it requires the mail clients/retrievers to effectively "test" the server. However we want the server to be smart, not the client. My current version runs in either SSL or non-SSL mode, and displays something along the lines of "Non-SSL connections are not allowed" before disconnecting when someone tries to retrieve mail over a non-SSL connection.
-- ____________________________________________________________________________ Doug Hughes Engineering Network Services System/Net Admin Auburn University doug () eng auburn edu
Cheers, Nick
Current thread:
- Re: POP3 Security Issues Rick Smith (Dec 01)
- Re: POP3 Security Issues Jason Axley (Dec 01)
- Re: POP3 Security Issues Joseph S D Yao (Dec 02)
- Re: POP3 Security Issues Doug Hughes (Dec 02)
- Re: POP3 Security Issues Nicholas Brawn (Dec 03)
- Re: POP3 Security Issues Adam Shostack (Dec 03)
- Re: POP3 Security Issues Dave Roberts (Dec 03)
- Re: POP3 Security Issues Pedro A M Vazquez (Dec 02)
- Re: POP3 Security Issues Crispin Cowan (Dec 03)
- Re: POP3 Security Issues Pedro A M Vazquez (Dec 04)
- Re: POP3 Security Issues Crispin Cowan (Dec 03)
- Re: POP3 Security Issues Markus Friedl (Dec 03)
- <Possible follow-ups>
- Re: POP3 Security Issues dreamwvr (Dec 01)
- Re: POP3 Security Issues Frederick M Avolio (Dec 01)
- Re: POP3 Security Issues Mookie (Dec 02)
- Re: POP3 Security Issues David Lang (Dec 01)
(Thread continues...)
- Re: POP3 Security Issues Jason Axley (Dec 01)