[plug] POP mail security

Christian christian at global.net.au
Thu Jan 6 14:34:20 WST 2000

Leon Brooks wrote:
> Subba Rao wrote:
> > What is the best way to protect my users passwords from being sniffed?
> The simplest, least flexible way is to block access to the POP port
> except from your dialup lines.

This won't really give much protection, will it?  Attackers can still
telnet/ssh/ftp in (assuming any of these services are enabled) and they
could always dial up to the same modem as a legitimate user (of course,
if all these services are disabled there are much easier ways of gaining
illicit access to someone's mail...)

> There are SSL versions of the POP3 protocol (my /etc/services file
> mentions spop3 on port 995) but I suspect that Windows clients for same
> would be limited.

He said they were all using Fetchmail... (which doesn't support SSL
either from what I gather).  As I suggested, APOP or a Kerberized POP
might be the best approach if SSH can't be used.



More information about the plug mailing list