Re: Bug#283751: ITP: fakepop -- fake pop3 server to warn users that only pop3-ssl is available
On Wednesday 01 December 2004 06:46 am, Andreas Barth wrote:
> * Ron Johnson (firstname.lastname@example.org) [041201 12:40]:
> > On Wed, 2004-12-01 at 22:25 +1100, Matthew Palmer wrote:
> > > On Wed, Dec 01, 2004 at 05:17:33AM -0600, Ron Johnson wrote:
> > > > On Wed, 2004-12-01 at 11:04 +0000, Steve McIntyre wrote:
> > > > > So, let me get this straight - fakepop will allow people to log
> > > > > in (using their username and password) in the clear and THEN tell
> > > > > them that they should have used POP over SSL instead. Quite how
> > > > > is this better than "connection refused"?
> > > >
> > > > Read the description:
> > > > "You can customize messages in /etc/fakepop/ directory to teach
> > > > your users how they should configure their mail clients to use
> > > > pop3-ssl instead of pop3"
> > >
> > > So I can put "All your mail is belong to us" in my /etc/fakepop/
> > > directory, so that people know that their passwords *have* been
> > > successfully sent in the clear before being told to reconfigure their
> > > mail client? Well, *I'm* comforted.
> > But since the password isn't valid, does it make much difference?
> > For example, my pop3 password isn't the same as my GnuPG passphrase.
> Well, but the probability that users who mis-use pop3 instead of
> pop3-ssl use their pop3-ssl password for pop3 is quite high.
Your informational message that says how to connect to the pop3-ssl server
could also suggest that the user change his or her password.