[ILUG] POP mail security
fergal at esatclear.ie
Thu Jan 6 14:47:15 GMT 2000
At 20:24 05/01/00 -0500, Subba Rao wrote:
>All my users use fetchmail to get mail from my ISP's POP server.
>For lack of resources, I cannot put a pop server on my box.
>What is the best way to protect my users passwords from being sniffed?
>Can a user use an encrypted tunnel to send the userid and password to
>the pop server?
>Any pointers and experiences appreciated.
How limited are your resources? A pop server would not take much.
I don't know of any pop servers (or clients) that know about encryption.
The only way to do this is to use ssh to forward all connections over a
secure tunnel between your server and a server on the ISP's network, but
this would mean getting them to run sshd for you on one of their machines -
Does the pop server belong to the ISP you dial into? If so then your
password will basically travel up the phone line and straight into pop
server. The only people who could do any sniffing are the ISP staff
themselves and they don't need your password, they've probably had a good
laugh at your highly personal emails already!
More information about the ILUG