Re: exim4 authentication in etch? - SUCCESS!

["Thomas H. George" <lists@tomgeorge.info>]

Andrei Popescu wrote:
> On Tue,07.Oct.08, 10:22:18, Thomas H. George wrote:
>
> [snip security concerns]
>
>   
> > Should I worry about this?
> >     
>
> The SMTP (used by exim) and POP (used by fetchmail) protocols are not 
> very secure by default, which is probably one of the reasons we now have 
> such a huge problem with spam. Only recently more and more ISPs are 
> using the option to tunnel these protocols inside an encrypted 
> connection (SSL, TLS, whatever).
>
> I'm not familiar with Iceape, but as far as I know, most GUI mail 
> clients will default to using non-secure connections, unless 
> specifically configured to use secure connections (but the server has to 
> support it as well).

Iceape server security settings offer a choice of Never TLS-if available 
TLS SSL and an additional check box to require secure authentication. -  
Tom
>  This means that anyone on the internet can "listen" 
> to the traffic between you and the server and snoop your passwords and 
> the entire mails.
>
> OTOH, you are just another needle in a huge haystack and I doubt anyone 
> (except maybe the NSA or similar entities) has the means to watch all 
> such traffic.
>
> Personally I do appreciate when the ISPs are using the security options 
> available, even if it's just to cut down on the spam.
>
> Regards,
> Andrei
>