[plug] POP mail security
steveg at calm.wa.gov.au
Thu Jan 6 10:36:15 WST 2000
>All my users use fetchmail to get mail from my ISP's POP server.
>For lack of resources, I cannot put a pop server on my box.
>What is the best way to protect my users passwords from being sniffed?
>Can a user use an encrypted tunnel to send the userid and password to
>the pop server?
One option (not especially liked by users) would be to use S/Key one-time
passwords. In the event you're not using SSH, this would somewhat protect
shell accounts too.
More information about the plug