[techtalk] POP mail security

Chris J/#6 sixie at nccnet.co.uk
Fri Jan 7 01:10:19 EST 2000

Try looking up about APOP authentication. Not all POP servers support it 
though, and I don't know what mail client support for APOP is like, but I 
think fetchmail is quite happy with it. APOP takes your username and 
password, and creates and md5 hash of the password and a timestamp returned 
by the pop server, and sends the hash over the wire. The password is never 
sent plain.


> All my users use fetchmail to get mail from my ISP's POP server.
> For lack of resources, I cannot put a pop server on my box.
> What is the best way to protect my users passwords from being sniffed?
> Can a user use an encrypted tunnel to send the userid and password to
> the pop server?
> Any pointers and experiences appreciated.
> Thank you in advance.
> Subba Rao
> subb3 at attglobal.net
> http://pws.prserv.net/truemax/
>  => Time is relative. Here is a new way to look at time. <=
> http://www.smcinnovations.com
> ************
> techtalk at linuxchix.org   http://www.linuxchix.org

@}-,'--------------------------------------------------  Chris Johnson --'-{@
    / "(it is) crucial that we learn the difference / sixie at nccnet.co.uk  \
   / between Sex and Gender. Therein lies the key  /                       \ 
  / to our freedom" -- LB                         / www.nccnet.co.uk/~sixie \ 

techtalk at linuxchix.org   http://www.linuxchix.org

More information about the Techtalk mailing list