Aviram Jenik wrote:
> 
> > I personally use sslwrap (http://www.rickk.com/sslwrap),
> > and have never heard of SSLPop. However, what do you need it for?
> 
> I'm looking for a way to secure my current qpopper connection.
> Encrypting the password is okay, although I'd rather encrypt the
> whole session.
> It should be supported by the usual commercial mailers (though I'm
> willing to drop netscape support for now)
> 
We're talking Win32? Well...

I don't like Outlook very much (even with the rules wizard it
lacks decent filtering capabilities, but I guess you can do
server-side processing if you need it. procmail is good),
but it supports POP over SSL, as well as IMAP over SSL.
And it does have the advantage of not dying when it has a large
information store (mine is 270MB, NS Messenger often likes
to choke when you have above 10,000 messages or so - but I still
use it at home :). Of course, one must never forget the recent fiasco
with several OL security holes (geez, you get an email - you don't
even open it, and WHAM! activex and whatnot is all over you).

Netscape only supports IMAP over SSL.

Never used Eudora, but being a popular MUA, it seems
like it should support imaps or pops.

Since you use qpopper, you can just turn on APOP (I'm not
sure when qpopper started supporting APOP, v3? Anyhow,
it only encrypts the password, and it's a rather
simple mechanism).

> >
> > Most commercial mail messaging servers (Exchange, Lotus Notes
> > are the ones I know of) support SSL encrypted POP.
> 
> Doesn't this require a certificate from Verisign?
You can create your own. One can use his own CA (and one probably
should, in a large enterprise environment).

> 
> > If you're
> > using something else, either tunnel it through SSH (obviously
> > more work if you have Win-clients, they need SSH on their side
> > as well) or thru stunnel/sslwrap/whatever.
> 
> Tunneling which is not transparent (i.e. has to be performed on both
> the server and the client side) is not very good for me.
In that case, sslwrap or stunnel (never tried stunnel, sslwrap works fine
for me) will do you. Just configure sslwrap for 143->993 (imaps), and you're all
set. If the server is heavily loaded (and you expect a lot of incoming
imaps connections), do not run sslwrap from inetd (as the documentation
suggests...). Forking out a new process for each incoming connection
will just kill your machine. Run it as a daemon.

> 
> > If you just want to encrypt
> > passwords, qpopper supports apop.
> >
> 
> Good idea. Most commercial clients support APOP if I'm not mistaken.
> Is there a way to encrypt the whole session, though?
See above.
You can also get encrypted smtp (again, over ssl). I'm not sure
what MTAs support it out-of-the-box (besides the obvious commercial ones),
but qmail can be patched to support it. It's sort of a 'pre-beta' patch,
but it's very simple and seems fine to me.

[pgp sig and quote died]

-- 
/---------------  Omer Efraim, [EMAIL PROTECTED] ------------------\
[   Microsoft Vaccine 2000 is configuring your immune system. This may  ]
[ take a few minutes. If your body stops responding for a long time and ]
[ there is no brain activity please die. Setup will continue after you  ]
[                            are reborn.                                ] 
\-----------------------------------------------------------------------/
 - Quoting Buzh, asr
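
Added example, not part of the original message or of qpopper's code: the APOP exchange mentioned above, as specified in RFC 1939, where the client answers the timestamp in the server greeting with an MD5 digest of that timestamp plus the shared secret. The greeting, user and secret are the worked values from RFC 1939; the function names and the second timestamp are constructed for illustration.

```python
import hashlib
import hmac
import re

# Greeting, user and shared secret are the worked example from RFC 1939.
GREETING = "+OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>"
USER, SECRET = "mrose", "tanstaaf"


def banner_timestamp(greeting):
    """Return the <process.clock@host> challenge, or None if APOP is not offered."""
    m = re.search(r"<[^<>\s]+@[^<>\s]+>", greeting)
    return m.group(0) if m else None


def apop_digest(timestamp, secret):
    """MD5 over the timestamp (angle brackets included) followed by the secret."""
    return hashlib.md5((timestamp + secret).encode("ascii")).hexdigest()


def client_command(greeting, user, secret):
    """Build the APOP line; the secret itself never crosses the wire."""
    ts = banner_timestamp(greeting)
    if ts is None:
        raise ValueError("greeting carries no timestamp; APOP not available")
    return f"APOP {user} {apop_digest(ts, secret)}"


def server_verify(line, issued_timestamp, secrets):
    """Check an APOP line against the timestamp issued on this connection."""
    parts = line.split()
    if len(parts) != 3 or parts[0].upper() != "APOP":
        return False
    secret = secrets.get(parts[1])
    if secret is None:
        return False
    expected = apop_digest(issued_timestamp, secret)
    # Constant-time comparison of the hex digests.
    return hmac.compare_digest(parts[2].lower().encode(), expected.encode())


if __name__ == "__main__":
    cmd = client_command(GREETING, USER, SECRET)
    print(cmd)
    print("accepted:", server_verify(cmd, banner_timestamp(GREETING), {USER: SECRET}))
    # Constructed timestamp for a later session: the captured digest no longer matches.
    later = "<1897.697170999@dbc.mtview.ca.us>"
    print("replayed:", server_verify(cmd, later, {USER: SECRET}))
```

Only the login is protected this way; every command and message after it still travels in the clear, and the server has to keep the shared secret in recoverable form to compute the digest.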
