Firewall Wizards mailing list archives
Re: POP3 Security Issues
From: Nicholas Brawn <ncb () okugi com>
Date: Sun, 29 Nov 1998 20:32:18 -0600 (CST)
On Fri, 27 Nov 1998, Jason Axley wrote:
There isn't any security in POP3. Unless you are using POP3 over SSL to encrypt the data, you will be allowing people's unencrypted email, logins, passwords to traverse the Internet. You probably shouldn't do that. If you allow people to come across the Internet, connect to your proxy, log in to the POP3 proxy, to check their email, some attacker could grab the logins and passwords as they're typed in and use them to log in themselves--perhaps gaining access to other resources on your network that accept the same logins and passwords. -Jason
Speaking of pop3 over SSL, is anyone aware of mail clients or pop3 retrievers (Unix and/or Windows) that support it? The reason I'm asking is that i've recently plugged SSL into qpopper (2.53), and want to know whether I need to patch something like fetchmail, or whether there's something out there already that will do the job. Cheers, Nick
Current thread:
- POP3 Security Issues mreiter (Nov 27)
- Re: POP3 Security Issues Jason Axley (Nov 29)
- Re: POP3 Security Issues Nicholas Brawn (Nov 30)
- Re: POP3 Security Issues klynn (Nov 30)
- Re: POP3 Security Issues Frederick M Avolio (Nov 29)
- Re: POP3 Security Issues Jan B. Koum (Nov 30)
- Re: POP3 Security Issues Ian Poynter (Nov 29)
- <Possible follow-ups>
- Re: POP3 Security Issues Steven M. Bellovin (Nov 29)
- Re: POP3 Security Issues reynhout (Nov 29)
- Re: POP3 Security Issues Jason Axley (Nov 29)