Re: Pop or Imap?

To: debian-isp@lists.debian.org
Subject: Re: Pop or Imap?
From: Craig Sanders <cas@taz.net.au>
Date: Sat, 8 Dec 2001 10:25:12 +1100
Message-id: <[🔎] 20011208102512.J7190@taz.net.au>
In-reply-to: <[🔎] 20011207180721.DC9F53531AB@lyta.coker.com.au>
References: <[🔎] 4.2.0.58.20011206231138.00a4da10@mail.diligence.com> <[🔎] 20011207180721.DC9F53531AB@lyta.coker.com.au>

On Fri, Dec 07, 2001 at 12:07:34PM +0100, Russell Coker wrote:
> On Fri, 7 Dec 2001 08:13, Tim Uckun wrote:
> > I am concerned about pop passwords being transmitted plaintext. Does
> > imap encrypt passwords? if not does any protocol exists which does.
>
> Both POP and IMAP have extensions to allow minimal security for the
> password (but still allow plain-text transfer of the messages).
>
> Also both POP and IMAP have TLS extensions that allow a client to
> request SSL mode after connecting, and there are separate ports
> defined for POP and IMAP servers that only do SSL.
>
> The courier-pop-ssl and courier-imap-ssl packages do this well.

alternatively, if you don't want to use courier, the stunnel package can
be used to wrap any pop and/or imap daemon for SSL encryption.

e.g.

stunnel -d 993 -l /usr/sbin/imapd imapd
stunnel -d 995 -l /usr/sbin/ipop3d ipop3d


several POP/IMAP clients have ssl support. including, i believe,
outlook, eudora, and netscape.


btw, stunnel has tcpwrappers support built-in, so you don't need to use
tcpd with it.


craig

-- 
craig sanders <cas@taz.net.au>

Fabricati Diem, PVNC.
 -- motto of the Ankh-Morpork City Watch

Reply to:

References:
- Pop or Imap?
  - From: Tim Uckun <tim@diligence.com>
- Re: Pop or Imap?
  - From: Russell Coker <russell@coker.com.au>

Prev by Date: RE: Strange apache behaviour?
Next by Date: Re: Mailinglist software recommendations?
Previous by thread: Re: Pop or Imap?
Next by thread: Re: Strange apache behaviour?
Index(es):
- Date
- Thread