Aviram Jenik wrote:
>
> > I personally use sslwrap (http://www.rickk.com/sslwrap),
> > and have never heard of SSLPop. However, what do you need it for?
>
> I'm looking for a way to secure my current qpopper connection.
> Encrypting the password is okay, although I'd rather encrypt the
> whole session.
> It should be supported by the usual commercial mailers (though I'm
> willing to drop netscape support for now)
>

We're talking Win32? Well... I don't like Outlook very much (even with
the rules wizard it lacks decent filtering capabilities, but I guess you
can do server-side processing if you need it. procmail is good), but it
supports POP over SSL, as well as IMAP over SSL. And it does have the
advantage of not dying when it has a large information store (mine is
270MB, NS Messenger often likes to choke when you have above 10,000
messages or so - but I still use it at home :). Of course, one must
never forget the recent fiasco with several OL security holes (geez, you
get an email - you don't even open it, and WHAM! activex and whatnot is
all over you).

Netscape only supports IMAP over SSL. Never used Eudora, but being a
popular MUA, it seems like it should support imaps or pops.

Since you use qpopper, you can just turn on APOP (I'm not sure when
qpopper started supporting APOP, v3? Anyhow, it only encrypts the
password, and it's a rather simple mechanism).

> >
> > Most commercial mail messaging servers (Exchange, Lotus Notes
> > are the ones I know of) support SSL encrypted POP.
>
> Doesn't this require a certificate from Verisign?

You can create your own. One can use his own CA (and one probably
should, in a large enterprise environment).

>
> > If you're
> > using something else, either tunnel it through SSH (obviously
> > more work if you have Win-clients, they need SSH on their side
> > as well) or thru stunnel/sslwrap/whatever.
>
> Tunneling which is not transparent (i.e. has to be performed on both
> the server and the client side) is not very good for me.

In that case, sslwrap or stunnel (never tried stunnel, sslwrap works
fine for me) will do you. Just configure sslwrap for 143->993 (imaps),
and you're all set. If the server is heavily loaded (and you expect a
lot of incoming imaps connections), do not run sslwrap from inetd (as
the documentation suggests...). Forking out a new process for each
incoming connection will just kill your machine. Run it as a daemon.

>
> > If you just want to encrypt
> > passwords, qpopper supports apop.
> >
>
> Good idea. Most commercial clients support APOP if I'm not mistaken.
> Is there a way to encrypt the whole session, though?

See above. You can also get encrypted smtp (again, over ssl). I'm not
sure what MTAs support it out-of-the-box (besides the obvious commercial
ones), but qmail can be patched to support it. It's sort of a 'pre-beta'
patch, but it's very simple and seems fine to me.

[pgp sig and quote died]

--
/--------------- Omer Efraim, omere@tcmail.tau.ac.il ------------------\
[ Microsoft Vaccine 2000 is configuring your immune system. This may    ]
[ take a few minutes. If your body stops responding for a long time and ]
[ there is no brain activity please die. Setup will continue after you  ]
[ are reborn.                                                           ]
\-----------------------------------------------------------------------/
                                                   - Quoting Buzh, asr
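The APOP login mentioned in the message above, as an added example that is not part of the original post or of qpopper's code: the server's greeting carries a timestamp, and the client sends the MD5 digest of that timestamp followed by the shared secret in place of the password. The greeting, user name and secret are the sample values from RFC 1939; the function names are hypothetical.

```python
import hashlib
import hmac
import re

# Constructed sample input: greeting and secret are the RFC 1939 sample
# values, not captured from a real server.
GREETING = "+OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>"
SECRET = b"tanstaaf"

_BANNER = re.compile(r"<[^<>\s]+@[^<>\s]+>")


def extract_timestamp(greeting: str) -> bytes:
    """Return the <process-id.clock@host> token, angle brackets included."""
    if not greeting.startswith("+OK"):
        raise ValueError("not a positive POP3 greeting")
    match = _BANNER.search(greeting)
    if match is None:
        # No timestamp means APOP is not offered; the caller should fail
        # the login rather than fall back to cleartext USER/PASS.
        raise ValueError("server does not advertise APOP")
    return match.group(0).encode("ascii")


def apop_digest(timestamp: bytes, secret: bytes) -> str:
    """MD5 over the timestamp followed by the shared secret, lowercase hex."""
    return hashlib.md5(timestamp + secret).hexdigest()


def client_command(greeting: str, user: str, secret: bytes) -> str:
    """Build the line the client sends instead of USER/PASS."""
    return f"APOP {user} {apop_digest(extract_timestamp(greeting), secret)}"


def server_verify(timestamp: bytes, secret: bytes, command: str) -> bool:
    """Check an APOP line against the timestamp issued for this session."""
    parts = command.split(" ")
    if len(parts) != 3 or parts[0] != "APOP":
        return False
    expected = apop_digest(timestamp, secret).encode("ascii")
    # Constant-time comparison of the expected and received digests.
    return hmac.compare_digest(expected, parts[2].lower().encode("utf-8"))


if __name__ == "__main__":
    line = client_command(GREETING, "mrose", SECRET)
    print(line)
    print(server_verify(extract_timestamp(GREETING), SECRET, line))
```

Everything after the APOP line, including the messages themselves, still crosses the network in cleartext, which is why the thread turns to sslwrap or stunnel for the whole session.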