[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Pop or Imap?

On Fri, Dec 07, 2001 at 12:07:34PM +0100, Russell Coker wrote:
> On Fri, 7 Dec 2001 08:13, Tim Uckun wrote:
> > I am concerned about pop passwords being transmitted plaintext. Does
> > imap encrypt passwords? if not does any protocol exists which does.
> Both POP and IMAP have extensions to allow minimal security for the
> password (but still allow plain-text transfer of the messages).
> Also both POP and IMAP have TLS extensions that allow a client to
> request SSL mode after connecting, and there are separate ports
> defined for POP and IMAP servers that only do SSL.
> The courier-pop-ssl and courier-imap-ssl packages do this well.

alternatively, if you don't want to use courier, the stunnel package can
be used to wrap any pop and/or imap daemon for SSL encryption.


stunnel -d 993 -l /usr/sbin/imapd imapd
stunnel -d 995 -l /usr/sbin/ipop3d ipop3d

several POP/IMAP clients have ssl support. including, i believe,
outlook, eudora, and netscape.

btw, stunnel has tcpwrappers support built-in, so you don't need to use
tcpd with it.


craig sanders <cas@taz.net.au>

Fabricati Diem, PVNC.
 -- motto of the Ankh-Morpork City Watch

Reply to: