Hello X-Istence,

Saturday, May 22, 2004, 11:06:33 PM, you wrote:

XI> -----BEGIN PGP SIGNED MESSAGE-----
XI> Hash: SHA1

XI> Your first message, which started this flamewar.

>> <snip>
>>
>> Roy,
>>
>> In the OLD days, people were happy with SMTP-Auth. I consider it LESS
>> security as SMTP after POP, because with SMTP-Auth, You sent Your
>> e-mail address and Your password of Your mailbox over the internet.
>> When a man-in-the-middle catch this e-mail (or worse Your PW), he can
>> use it for spam, or access Your mailbox.

XI> Well, considering you send your entire email over the line to get access
XI> to pop, this claim is not true. Just thought I'd bring this up, as
XI> everywhere else you are suggesting that it is not true that you said that.

XI> Hell, pop3-ssl would be the same as smtp-ssl, both would allow secure
XI> authentication.

XI> SMTP after POP is a pain, and it doesn't help against these so-called man
XI> in the middle attacks. Unless of course you would also provide a patch
XI> to make it pop3-ssl, in which case the next thing you say would be a
XI> better solution.

>>
>> I suggest You use: SHUPP's version with netqmail like :
>>
>> fetch http://www.qmail.org/netqmail-1.05.tar.gz
>> tar xzvf netqmail-1.05.tar.gz
>> cd netqmail-1.05
>> ./collate.sh
>>
>> # patch with Shupp's TLS and SMTP-Auth
>> fetch http://shupp.org/patches/netqmail-1.05-tls-smtpauth-20040207.patch
>> patch < ./netqmail-1.05-tls-smtpauth-20040207.patch
>>

XI> So now that we have smtp-ssl, or smtps, how is SMTP after POP still more
XI> secure? Why not just start an SSL connection and then auth with SMTP? I
XI> don't see a difference at all. You brought POP in for no apparent reason
XI> at all. Hell, I'd rather use SMTP auth than first pop and then sending
XI> the mail, as it's a pain in the ass to configure most mail clients to do
XI> POP before SMTP.

>> certificate:
>>
>> You can copy those (extension .pem) from :
>> freeBSD, vpopmail stuff
>> cd /var/qmail/control
>> cp /usr/local/cert/ipop3d.pem servercert.pem
>> ln -s servercert.pem ./clientcert.pem
>>

XI> Breached# ls /usr/local/cert/ipop3d.pem
XI> ls: /usr/local/cert/ipop3d.pem: No such file or directory

XI> hrm, that's FreeBSD BTW.

>> Activate TLS by create a certificate, and You will be much better off
>> to create an encrypted connection to Your SMTP server by the SMTP Enc
>> smtps 465/tcp #smtp protocol over TLS/SSL (was ssmtp)
>> smtps 465/udp #smtp protocol over TLS/SSL (was ssmtp)
>>
>> <snip 500 million line sig>

XI> X-Istence
XI> -----BEGIN PGP SIGNATURE-----
XI> Version: GnuPG v1.2.4 (FreeBSD)
XI> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

XI> iD8DBQFAr8DYJukONu5DUaQRAt+1AJ4rE88Og4vvjtJmrr6an0jCZYrduwCgk1C5
XI> WKsxNOR6msDCJFK7wwaboqs=
XI> =vm3x
XI> -----END PGP SIGNATURE-----

'SMTP after POP' is a technique. I clearly stated to do POP3-SSL, to have afterwards a 'SMTP after POP' functionality. You authenticate completely with encryption, You get the smtp server open due to Your authentication for several minutes (for Your IP, if You wish), and You have Your 'SMTP after POP'. If I try to define it 'SMTP after POP3_SSL', well we have a new definition.

You can take words out of the sentence, especially when someone writes terrible English, like I do, but I really known every topic what You mean. First try to understand, and answer on the same road I explained and not of the road.

And if some people start with flaming... The flamewar did NOT start with my message. It started with Mr Doctor Hoffmans words, I quote 'troll'.

Well if we You to the road of ego, I can put other things on the table, but this serves not this list, and it was already a waste of time.

This is my final answer, You can help out the guy with his problem. I leave it all to You, nice guys. I have a company to run.
-- 
Best regards,
DEBO Jurgen mailto:[EMAIL PROTECTED]
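The disagreement in this thread comes down to whether a mailbox password can be read off the wire. As an added example (not part of the thread and not code from qmail or the Shupp patch), the following audits a server's pre-TLS EHLO reply for AUTH mechanisms that are only base64-encoded, and decodes an AUTH PLAIN token to show it carries the password as-is. The host name, credentials, EHLO lines and function names are constructed for illustration.

```python
import base64

# Constructed EHLO replies as seen BEFORE STARTTLS (not from a real server).
CLEARTEXT_AUTH = ["250-mail.example.org", "250-STARTTLS",
                  "250-AUTH LOGIN PLAIN", "250 8BITMIME"]
AUTH_AFTER_TLS_ONLY = ["250-mail.example.org", "250-STARTTLS", "250 8BITMIME"]
LEGACY_NO_TLS = ["250-mail.example.org", "250-AUTH=LOGIN PLAIN", "250 8BITMIME"]

# Constructed AUTH PLAIN token: base64(authzid NUL authcid NUL password).
SAMPLE_AUTH_PLAIN = base64.b64encode(b"\0user@example.org\0s3cret").decode()


def ehlo_extensions(lines):
    """Map each EHLO keyword to its parameters ("250-KEY ..." / "250 KEY ...")."""
    exts = {}
    for line in lines[1:]:  # the first reply line is the server's domain
        if line[:3] != "250" or line[3:4] not in ("-", " "):
            raise ValueError(f"not an EHLO reply line: {line!r}")
        # Some older servers advertise the legacy form "AUTH=LOGIN PLAIN".
        words = line[4:].replace("=", " ").split()
        if words:
            exts[words[0].upper()] = [w.upper() for w in words[1:]]
    return exts


def audit_pre_tls_ehlo(lines):
    """Return findings for an EHLO reply received on an unencrypted session."""
    exts = ehlo_extensions(lines)
    findings = []
    if "STARTTLS" not in exts:
        findings.append("STARTTLS not offered")
    # PLAIN and LOGIN send the password base64-encoded, not encrypted.
    reversible = sorted({"PLAIN", "LOGIN"} & set(exts.get("AUTH", [])))
    if reversible:
        findings.append("AUTH " + ",".join(reversible) + " offered before TLS")
    return findings


def decode_auth_plain(token):
    """Recover (login, password) from an AUTH PLAIN token (RFC 4616 layout)."""
    _authzid, authcid, password = base64.b64decode(token).split(b"\0")
    return authcid.decode(), password.decode()


if __name__ == "__main__":
    for name, reply in [("cleartext", CLEARTEXT_AUTH),
                        ("tls-only", AUTH_AFTER_TLS_ONLY),
                        ("legacy", LEGACY_NO_TLS)]:
        print(name, audit_pre_tls_ehlo(reply) or "ok")
    print(decode_auth_plain(SAMPLE_AUTH_PLAIN))
```

A server that passes this check only advertises AUTH in the EHLO reply sent after the TLS handshake, which is the configuration both sides of the thread end up recommending.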