[plug] POP mail security

Steve Grasso steveg at calm.wa.gov.au
Thu Jan 6 10:36:15 WST 2000

>All my users use fetchmail to get mail from my ISP's POP server.
>For lack of resources, I cannot put a pop server on my box.
>What is the best way to protect my users passwords from being sniffed?
>Can a user use an encrypted tunnel to send the userid and password to
>the pop server?

One option (not especially liked by users) would be to use S/Key one-time 
passwords. In the event you're not using SSH, this would somewhat protect 
shell accounts too.


More information about the plug mailing list