Security Basics mailing list archives

Re: pop before smtp ?


From: ss666 () ss666 ru
Date: 12 Jul 2005 09:53:51 -0000

I've made a lot of mail servers, and if you want to improve security really well - use SSL with your own CA as the main 
authentication subroutine. There are many types of authentication in non-SSL mode, and - frequently speaking - 
they're all almost the same from a viewpoint of security. And when you use it with SSL - it will be much easier for 
you, because at the client side you don't need to change the authentication type via SSL. At the server side you'll need to 
integrate the SSL software NOT as just a tunneler, but as a provider of additional verification tokens (i.e. OU, CN, ...). Add 
these tokens to your existing client entities database - and be fine. What SSL software you should use - it's a 
question of taste... I'm using OpenSSL + modified Stunnel, and it works pretty fine.
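
The server-side idea described in the post above (treat the CN and OU of a CA-verified client certificate as extra verification tokens stored with each client record), as an added example that is not part of the original post and not the poster's Stunnel setup. It uses Python's standard `ssl` module; the client database, function names and sample certificate are constructed for illustration.

```python
import ssl

# Constructed client database: login -> certificate tokens recorded at enrolment.
CLIENT_DB = {
    "alice": {"CN": "alice@example.test", "OU": "Mail Users"},
    "bob": {"CN": "bob@example.test", "OU": "Mail Users"},
}

def make_server_context(cert, key, ca_file):
    """TLS context that rejects clients without a certificate from our own CA."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(certfile=cert, keyfile=key)
    ctx.load_verify_locations(cafile=ca_file)  # trust only the private CA
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx

def subject_tokens(peercert):
    """Flatten the subject from SSLSocket.getpeercert() into CN and OU lists."""
    short = {"commonName": "CN", "organizationalUnitName": "OU"}
    tokens = {"CN": [], "OU": []}
    for rdn in peercert.get("subject", ()):
        for name, value in rdn:
            if name in short:
                tokens[short[name]].append(value)
    return tokens

def authorize(login, peercert, db=CLIENT_DB):
    """Allow the login only if the verified certificate matches its DB record."""
    record = db.get(login)
    # getpeercert() returns an empty dict when no certificate was validated.
    if record is None or not peercert:
        return False
    tokens = subject_tokens(peercert)
    # Require exactly one CN so an extra CN cannot confuse the match.
    if tokens["CN"] != [record["CN"]]:
        return False
    return record["OU"] in tokens["OU"]

# Constructed sample in the shape getpeercert() returns after a verified handshake.
SAMPLE_CERT = {"subject": (
    (("organizationName", "Example Mail"),),
    (("organizationalUnitName", "Mail Users"),),
    (("commonName", "alice@example.test"),),
)}
```

The password or other login check still runs as before; `authorize` is an additional gate, so a stolen password alone is not enough without the matching certificate.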

