On Sat, 20 Nov 1999, dd wrote:
> [...]
> AFAIK one of the documents related to qmail mentioned the insecurity of
> POP3 protocol and said that in an insecure network the passwords could
> easily be stolen. today i tried one of the sniffers for linux and got the
> pass of my friend (of course, i told him that i did so). errm, if i can do
> this, any other user can do the same too.
And so more, you could even monitor a telnet connection ;)
Of course if you are a superuser (e.g. root) and users of your subnet are
too lazy to use ssh.
> hmm, does qmail-pop3d support
> any kind of encryption of the passwords ? so that i can guarantee the
> security of the accounts of my users?
There might be several posibilities for that.
The most common and portable way is propably to use SSL encryption wrapper
with actual POP, IMAP or any other protocol.
If you want to check this out, go directly to a stunnel web page at
http://mike.daewoo.com.pl/computer/stunnel, and don't forget to install
latest OpenSSL or SSLeay code.
Eventualy check my latest downloads at
ftp://hal.umcs.lublin.pl/pub/security.
> [...]
> thx, peace and the other good things like haribo,
> dd
Sincerely,
Marcin Jaskowiak
"It's better to burn out than to fade away..."
- Kurt Cobain
