On Thu, Sep 24, 1998 at 09:12:33PM +0200, Miquel van Smoorenburg wrote: > >Right now we've qpopper 2.3 who gives me hundreds of warnings in the > >log about auth commands or something (APOP?) - well. > > There are two ways of authentication, apop and "standard". I think > some of your clients are first trying APOP authentication, and > then fall back to normal authentication. Just let them turn off > APOP. > > BTW, qpopper does support APOP. But it cannot use the standard > password file - you need to add accounts with the "popauth" command. > This is because passwords are encrypted in a very different way. This actually quite annoys me. APOP is essentially secure passwd vs POP3 which is not. I hope nobody else is ... for lack of a better pay to put it, foolish enough to use POP3 over open Internet. Maybe just to your ISP behind their router might be acceptable unless you're paranoid, but if your ISP is like mine and your dialup is through uu.net or something, plaintext passwds to check mail can be VERY easily exploited.
Attachment:
pgposoy7BbFnM.pgp
Description: PGP signature