On Fri, Dec 07, 2001 at 12:07:34PM +0100, Russell Coker wrote: > On Fri, 7 Dec 2001 08:13, Tim Uckun wrote: > > I am concerned about pop passwords being transmitted plaintext. Does > > imap encrypt passwords? if not does any protocol exists which does. > > Both POP and IMAP have extensions to allow minimal security for the > password (but still allow plain-text transfer of the messages). > > Also both POP and IMAP have TLS extensions that allow a client to > request SSL mode after connecting, and there are separate ports > defined for POP and IMAP servers that only do SSL. > > The courier-pop-ssl and courier-imap-ssl packages do this well.
alternatively, if you don't want to use courier, the stunnel package can be used to wrap any pop and/or imap daemon for SSL encryption. e.g. stunnel -d 993 -l /usr/sbin/imapd imapd stunnel -d 995 -l /usr/sbin/ipop3d ipop3d several POP/IMAP clients have ssl support. including, i believe, outlook, eudora, and netscape. btw, stunnel has tcpwrappers support built-in, so you don't need to use tcpd with it. craig -- craig sanders <[EMAIL PROTECTED]> Fabricati Diem, PVNC. -- motto of the Ankh-Morpork City Watch -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
