Re: Bug#283751: ITP: fakepop -- fake pop3 server to warn users that only pop3-ssl is available
* Ron Johnson (firstname.lastname@example.org) [041201 12:40]:
> On Wed, 2004-12-01 at 22:25 +1100, Matthew Palmer wrote:
> > On Wed, Dec 01, 2004 at 05:17:33AM -0600, Ron Johnson wrote:
> > > On Wed, 2004-12-01 at 11:04 +0000, Steve McIntyre wrote:
> > > > So, let me get this straight - fakepop will allow people to log in
> > > > (using their username and password) in the clear and THEN tell them
> > > > that they should have used POP over SSL instead. Quite how is this
> > > > better than "connection refused"?
> > > Read the description:
> > > "You can customize messages in /etc/fakepop/ directory to teach
> > > your users how they should configure their mail clients to use
> > > pop3-ssl instead of pop3"
> > So I can put "All your mail is belong to us" in my /etc/fakepop/ directory,
> > so that people know that their passwords *have* been successfully sent in
> > the clear before being told to reconfigure their mail client? Well, *I'm*
> > comforted.
> But since the password isn't valid, does it make much difference?
> For example, my pop3 password isn't the same as my GnuPG passphrase.
Well, but the probability that users who mis-use pop3 instead of
pop3-ssl use their pop3-ssl password for pop3 is quite high.
PGP 1024/89FB5CE5 DC F1 85 6D A6 45 9C 0F 3B BE F1 D0 C5 D1 D9 0C