Re: Bug#283751: ITP: fakepop -- fake pop3 server to warn users that only pop3-ssl is available

To: debian-devel@lists.debian.org
Subject: Re: Bug#283751: ITP: fakepop -- fake pop3 server to warn users that only pop3-ssl is available
From: Andreas Barth <aba@not.so.argh.org>
Date: Wed, 1 Dec 2004 12:46:35 +0100
Message-id: <[🔎] 20041201114635.GF14481@mails.so.argh.org>
Mail-followup-to: Andreas Barth <aba@not.so.argh.org>, debian-devel@lists.debian.org
In-reply-to: <[🔎] 1101901087.8205.138.camel@haggis.homelan>
References: <[🔎] E1CZSHt-0004Y0-N4@sledge.mossbank.org.uk> <[🔎] 1101899853.8205.122.camel@haggis.homelan> <[🔎] 20041201112513.GB5896@hezmatt.org> <[🔎] 1101901087.8205.138.camel@haggis.homelan>

* Ron Johnson (ron.l.johnson@cox.net) [041201 12:40]:
> On Wed, 2004-12-01 at 22:25 +1100, Matthew Palmer wrote:
> > On Wed, Dec 01, 2004 at 05:17:33AM -0600, Ron Johnson wrote:
> > > On Wed, 2004-12-01 at 11:04 +0000, Steve McIntyre wrote:
> > > > So, let me get this straight - fakepop will allow people to log in
> > > > (using their username and password) in the clear and THEN tell them
> > > > that they should have used POP over SSL instead. Quite how is this
> > > > better than "connection refused"?

> > > Read the description:
> > > "You can customize messages in /etc/fakepop/ directory to teach 
> > > your users how they should configure their mail clients to use 
> > > pop3-ssl instead of pop3"

> > So I can put "All your mail is belong to us" in my /etc/fakepop/ directory,
> > so that people know that their passwords *have* been successfully sent in
> > the clear before being told to reconfigure their mail client?  Well, *I'm*
> > comforted.
 
> But since the password isn't valid, does it make much difference?
> 
> For example, my pop3 password isn't the same as my GnuPG passphrase.

Well, but the probability that users who mis-use pop3 instead of
pop3-ssl use their pop3-ssl password for pop3 is quite high.


Cheers,
Andi
-- 
   http://home.arcor.de/andreas-barth/
   PGP 1024/89FB5CE5  DC F1 85 6D A6 45 9C 0F  3B BE F1 D0 C5 D1 D9 0C

Reply to:

Follow-Ups:
- Re: Bug#283751: ITP: fakepop -- fake pop3 server to warn users that only pop3-ssl is available
  - From: Josh Metzler <joshdeb@metzlers.org>

References:
- Re: Bug#283751: ITP: fakepop -- fake pop3 server to warn users that only pop3-ssl is available
  - From: Steve McIntyre <steve@einval.com>
- Re: Bug#283751: ITP: fakepop -- fake pop3 server to warn users that only pop3-ssl is available
  - From: Ron Johnson <ron.l.johnson@cox.net>
- Re: Bug#283751: ITP: fakepop -- fake pop3 server to warn users that only pop3-ssl is available
  - From: Matthew Palmer <mpalmer@debian.org>
- Re: Bug#283751: ITP: fakepop -- fake pop3 server to warn users that only pop3-ssl is available
  - From: Ron Johnson <ron.l.johnson@cox.net>

Prev by Date: Re: Bug#283751: ITP: fakepop -- fake pop3 server to warn users that only pop3-ssl is available
Next by Date: Re: Bug#283578: ITP: hot-babe -- erotic graphical system activity monitor
Previous by thread: Re: Bug#283751: ITP: fakepop -- fake pop3 server to warn users that only pop3-ssl is available
Next by thread: Re: Bug#283751: ITP: fakepop -- fake pop3 server to warn users that only pop3-ssl is available
Index(es):
- Date
- Thread