
Re: IMAP over an SSH tunnel -- how does it work?



On 6 Apr 05 21:25:59 GMT, Alex Malinovich <demonbane@the-love-shack.net> wrote:

> On Wed, 2005-04-06 at 16:31 -0400, Matt Price wrote:
> --snip--
>> ssh <me>@localhost -L 9143:<mailbox.server.name>:143
>>
>> then I just point getmail to
>> port = 9143
>> server = localhost
>>
>> and my mail gets picked up!  But:  I guess I don't really believe that
>> the mail is encrypted,

[...]

> You're right, your communication to the mail server is NOT, in fact,
> being encrypted.

[...]

When you consider that any mail you receive has been transmitted over
the internet in cleartext (SMTP traffic is not usually encrypted) this
begs the question of why you would bother encrypting the last hop.
Anyone wishing to intercept the content could do so well before it
arrives at the IMAP server. Or they could just coerce your ISP into
giving them a copy of the cleartext. If you are concerned about
immunity from snooping then you are better off encrypting the message
rather than the transport.

The only real benefit of encrypting IMAP sessions is to protect the
password used to access the mailbox. This can be achieved without
encrypting the entire session, only the authentication stage needs to
be secure.

> What you're wanting to do is not possible without having a shell account
> on your ISP's machine. Though if your ISP doesn't offer secure access to
> your mail and WON'T offer secure access to your mail, I'd suggest that
> it's time to look for a new ISP. (One that won't be compromised any day
> now.)

You've just ruled out 99.9% of ISPs. 99.9% of email users neither know
nor care about these issues.

-- 
Frank Copeland
Home Page: <URL:http://thingy.apana.org.au/~fjc/> 
Not the Scientology Home Page: <URL:http://xenu.apana.org.au/ntshp/>

Keep it in Usenet. E-mail replies and 'courtesy' copies are not welcome.
If you're selling, I ain't buying. 
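
The forward quoted in this thread, worked through as an added example (not part of the original message): it parses an `ssh -L` command line and reports whether the SSH-protected hop and the plain-TCP hop from sshd to the target actually cross a network. The user and host names in the sample commands and the function name `analyse_forward` are constructed for illustration; only a subset of ssh options is recognised.

```python
import shlex

LOOPBACK = {"localhost", "127.0.0.1", "::1"}
OPTS_WITH_ARG = {"-p", "-i", "-l", "-o", "-F"}  # subset of ssh options that take a value

def analyse_forward(command):
    """Report which hops of an `ssh -L` local forward are protected by SSH.

    Simplifications: one -L option, no bracketed IPv6 addresses.
    """
    args = shlex.split(command)
    if not args or args[0] != "ssh":
        raise ValueError("expected an ssh command line")
    spec = ssh_dest = None
    i = 1
    while i < len(args):
        arg = args[i]
        if arg == "-L" and i + 1 < len(args):
            spec, i = args[i + 1], i + 2
        elif arg.startswith("-L") and len(arg) > 2:
            spec, i = arg[2:], i + 1
        elif arg in OPTS_WITH_ARG:
            i += 2
        elif arg.startswith("-"):
            i += 1
        elif ssh_dest is None:
            ssh_dest, i = arg, i + 1
        else:
            break  # anything after the destination is the remote command
    if spec is None or ssh_dest is None:
        raise ValueError("need both a destination and a -L forward")
    listen, target_host, target_port = spec.rsplit(":", 2)
    ssh_host = ssh_dest.rsplit("@", 1)[-1]
    return {
        "listen_port": int(listen.rsplit(":", 1)[-1]),
        "ssh_host": ssh_host,
        "target": (target_host, int(target_port)),
        # SSH protects only the client <-> sshd hop; that helps only if the hop leaves this machine.
        "ssh_hop_crosses_network": ssh_host not in LOOPBACK,
        # sshd opens a plain TCP connection to the target; the name is resolved on the sshd side.
        "cleartext_hop_crosses_network": target_host not in LOOPBACK and target_host != ssh_host,
    }

# Constructed commands: the thread's layout, and a shell account on the mail host itself.
THREAD_CASE = "ssh me@localhost -L 9143:mailbox.example.net:143"
SHELL_ON_MAIL_HOST = "ssh me@mailbox.example.net -L 9143:localhost:143"

if __name__ == "__main__":
    for cmd in (THREAD_CASE, SHELL_ON_MAIL_HOST):
        print(cmd, analyse_forward(cmd), sep="\n  ")
```

With the thread's layout the SSH hop stays on the local machine and the IMAP connection to port 143 crosses the network unprotected; with an SSH account on the mail host the two results swap.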


