Firewall Wizards mailing list archives
Re: POP3 Security Issues
From: Crispin Cowan <crispin () cse ogi edu>
Date: Wed, 02 Dec 1998 21:48:37 +0000
Pedro A M Vazquez wrote:
Mon, Nov 30, 1998 at 01:18:26PM -0600, Rick Smith wrote:At 11:43 AM 11/27/98 -0800, Jason Axley wrote:There isn't any security in POP3. Unless you are using POP3 over SSL to encrypt the data,I like the idea of using SSL, and I can see how it would be a pretty simple rearrangement of software already available in today's bloated browser/mail reader products. But is this something that's really out there as a product, or do people have to roll their own?You may want to look for things like bjorb and stunnel http://www.hitachi-ms.co.jp/bjorb/en/ http://mike.daewoo.com.pl/computer/stunnel/ Pedro
I use SSH to tunnel my POP3 traffic. To do this, you need sshd running on the POP3 mail server, and an ssh client on the client machine. This one-line command creates a tunnel from my local port 6666 (arbitrarily chosen) to the POP host's port 110. I then tell my mail client (Netscape, in my case) to fetch mail via POP3:6666, and SSH transparently transmits that to the remote POP server's appropriate port. #!/bin/sh ssh -l crispin -f -L 6666:mailhost.cse.ogi.edu:110 mailhost.cse.ogi.edu sleep 30000 The "sleep 30000" keeps the tunnel open for 30,000 seconds (about 8 hours, my work day (hah!-)). You can get SSH from http://www.ssh.fi. For extra security against overflow attacks, you can get StackGuard-protected SSH from me here: http://www.cse.ogi.edu/DISC/projects/immunix/StackGuard/ssh.html (US & Canada residents only--don't export controls suck?) Crispin ----- Crispin Cowan, Research Assistant Professor of Computer Science, OGI NEW: Protect Your Linux Host with StackGuard'd Programs :FREE http://www.cse.ogi.edu/DISC/projects/immunix/StackGuard/ Support Justice: Boycott Windows 98
Current thread:
- Re: POP3 Security Issues Rick Smith (Dec 01)
- Re: POP3 Security Issues Jason Axley (Dec 01)
- Re: POP3 Security Issues Joseph S D Yao (Dec 02)
- Re: POP3 Security Issues Doug Hughes (Dec 02)
- Re: POP3 Security Issues Nicholas Brawn (Dec 03)
- Re: POP3 Security Issues Adam Shostack (Dec 03)
- Re: POP3 Security Issues Dave Roberts (Dec 03)
- Re: POP3 Security Issues Pedro A M Vazquez (Dec 02)
- Re: POP3 Security Issues Crispin Cowan (Dec 03)
- Re: POP3 Security Issues Pedro A M Vazquez (Dec 04)
- Re: POP3 Security Issues Crispin Cowan (Dec 03)
- Re: POP3 Security Issues Markus Friedl (Dec 03)
- <Possible follow-ups>
- Re: POP3 Security Issues dreamwvr (Dec 01)
- Re: POP3 Security Issues Frederick M Avolio (Dec 01)
- Re: POP3 Security Issues Mookie (Dec 02)
- Re: POP3 Security Issues David Lang (Dec 01)
- Re: POP3 Security Issues Rodney van den Oever (Dec 01)
- Re: POP3 Security Issues Christopher Nielsen (Dec 02)
- Re: POP3 Security Issues Bruce B. Platt (Dec 01)
- Re: POP3 Security Issues Lart (Dec 01)
(Thread continues...)
- Re: POP3 Security Issues Jason Axley (Dec 01)