[plug] POP mail security
summer at os2.ami.com.au
Fri Jan 7 07:52:28 WST 2000
> All my users use fetchmail to get mail from my ISP's POP server.
> For lack of resources, I cannot put a pop server on my box.
> What is the best way to protect my users passwords from being sniffed?
> Can a user use an encrypted tunnel to send the userid and password to
> the pop server?
> Any pointers and experiences appreciated.
If the network traffic does not go past a box, that box can't sniff it. So
first, look at your LAN configuration. If that's configured so as to
isolate boxes from each other, then your passwords (for all applications,
not just POP3) won't be sniffed.
Same applies to your Internet connexion. In my case I use a standard modem
and phone line; for anyone to sniff that they need to tap my phone line.
I'm not going to bother myself over that one. If you have some kind of
connexion that's reasonable secure then i see no reason to concern youself
over passwords passing in clear text; if someone can monitor the data on
you line, there may be a lot more than passwords to worry about; the mail
itself for starters.
If I were sufficiently important to attract serious attempts to break in,
then I expect I'd be rich enough to hire someone who KNOWS.
http://os2.ami.com.au/os2/ for OS/2 support.
Configuration, networking, combined IBM ftpsites index.
More information about the plug