Re: Bug#283751: ITP: fakepop -- fake pop3 server to warn users that only pop3-ssl is available
On Wed, Dec 01, 2004 at 05:17:33AM -0600, Ron Johnson wrote:
> On Wed, 2004-12-01 at 11:04 +0000, Steve McIntyre wrote:
> > pzn writes:
> > >Package: wnpp
> > >Severity: wishlist
> > >
> > >* Package name : fakepop
> > > Version : 7
> > > Upstream Author : Pedro Zorzenon Neto <pzn@debian.org>
> > >* URL : http://vztech.com.br/software/fakepop/
> > >* License : GPL
> > > Description : fake pop3 server to warn users that only pop3-ssl is available
> > >
> > >fakepop is a fake pop3 daemon. It returns always the same messages to
> > >all users, it does not care about usernames and passwords. All user/pass
> > >combinations are accepted.
> > >
> > >Why use fakepop: the main purpose of fakepop is to advice users that
> > >your server only accepts pop3-ssl and they have wrongly configured pop3
> > >without ssl. You can customize messages in /etc/fakepop/ directory to
> > >teach your users how they should configure their mail clients to use
> > >pop3-ssl instead of pop3
> >
> > So, let me get this straight - fakepop will allow people to log in
> > (using their username and password) in the clear and THEN tell them
> > that they should have used POP over SSL instead. Quite how is this
> > better than "connection refused"?
>
> Read the description:
> "You can customize messages in /etc/fakepop/ directory to teach
> your users how they should configure their mail clients to use
> pop3-ssl instead of pop3"
But the password have already been sent in cleartext, hasn't it ?
--
Finn-Arne Johansen
faj@bzz.no
http://bzz.no/
Reply to: