[plug] POP mail security
christian at global.net.au
Thu Jan 6 14:34:20 WST 2000
Leon Brooks wrote:
> Subba Rao wrote:
> > What is the best way to protect my users passwords from being sniffed?
> The simplest, least flexible way is to block access to the POP port
> except from your dialup lines.
This won't really give much protection, will it? Attackers can still
telnet/ssh/ftp in (assuming any of these services are enabled) and they
could always dial up to the same modem as a legitimate user (of course,
if all these services are disabled there are much easier ways of gaining
illicit access to someone's mail...)
> There are SSL versions of the POP3 protocol (my /etc/services file
> mentions spop3 on port 995) but I suspect that Windows clients for same
> would be limited.
He said they were all using Fetchmail... (which doesn't support SSL
either from what I gather). As I suggested, APOP or a Kerberized POP
might be the best approach if SSH can't be used.
More information about the plug