[plug] POP mail security

John Summerfield summer at os2.ami.com.au
Fri Jan 7 07:52:28 WST 2000

> All my users use fetchmail to get mail from my ISP's POP server.
> For lack of resources, I cannot put a pop server on my box.
> What is the best way to protect my users passwords from being sniffed?
> Can a user use an encrypted tunnel to send the userid and password to
> the pop server?
> Any pointers and experiences appreciated.

If the network traffic does not go past a box, that box can't sniff it. So 
first, look at your LAN configuration. If that's configured so as to 
isolate boxes from each other, then your passwords (for all applications, 
not just POP3) won't be sniffed.

Same applies to your Internet connexion. In my case I use a standard modem 
and phone line; for anyone to sniff that they need to tap my phone line. 
I'm not going to bother myself over that one. If you have some kind of 
connexion that's reasonable secure then i see no reason to concern youself 
over passwords passing in clear text; if someone can monitor the data on 
you line, there may be a lot more than passwords to worry about; the mail 
itself for starters.

If I were sufficiently important to attract serious attempts to break in, 
then I expect I'd be rich enough to hire someone who KNOWS.

John Summerfield
http://os2.ami.com.au/os2/ for OS/2 support.
Configuration, networking, combined IBM ftpsites index.

More information about the plug mailing list