Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: POP3 Security Issues

From: Doug Hughes <Doug.Hughes () Eng Auburn EDU>
Date: Wed, 2 Dec 1998 08:52:20 -0600



 Jason Axley wrote:


As for Nicholas Brawn's question about other clients (including
fetchmail), I don't know of any, but I haven't looked.  Did you roll
the SSL into qpopper yourself, or are patches readily available for
that?  Does it use SSLeay?  I'm interested!

For those who think that APOP solves the problem; it may solve the
password in the clear problem, but it still allows your company's
private emails to go across the public Internet in the clear and still
allows for your TCP session to be hijacked--two problems solved by SSL.
APOP isn't even supported by the Netscape messenger email client
(don't think by outlook express either).  Eudora may be the only
widely-used client that does (although you can't get it for free like
outlook express or Netscape messenger, can you?)



Outlook express does, but it doesn't call it APOP. It's just
a anonymous checkbox buried somewhere that says enable security or something
like that. It, effectively, is APOP though. Those are the only two wide-spread
clients I know that will do APOP (eudora, outlook express)

I'm interested in the SSL -> qpopper integration as well. I hadn't seen
this before.

--
____________________________________________________________________________
Doug Hughes                                     Engineering Network Services
System/Net Admin                                Auburn University
                        doug () eng auburn edu
Previous By Date Next
Previous By Thread Next

Current thread: