[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: exim4 authentication in etch? - SUCCESS!

Andrei Popescu wrote:
On Tue,07.Oct.08, 10:22:18, Thomas H. George wrote:

[snip security concerns]

Should I worry about this?

The SMTP (used by exim) and POP (used by fetchmail) protocols are not very secure by default, which is probably one of the reasons we now have such a huge problem with spam. Only recently more and more ISPs are using the option to tunnel these protocols inside an encrypted connection (SSL, TLS, whatever).

I'm not familiar with Iceape, but as far as I know, most GUI mail clients will default to using non-secure connections, unless specifically configured to use secure connections (but the server has to support it as well).

Iceape server security settings offer a choice of Never TLS-if available TLS SSL and an additional check box to require secure authentication. - Tom
This means that anyone on the internet can "listen" to the traffic between you and the server and snoop your passwords and the entire mails.

OTOH, you are just another needle in a huge haystack and I doubt anyone (except maybe the NSA or similar entities) has the means to watch all such traffic.

Personally I do appreciate when the ISPs are using the security options available, even if it's just to cut down on the spam.


Reply to: