Thomas 'Balu' Walter
tw at itreff.de
Fri Jun 1 14:04:49 PDT 2001
+-Kristoffer Ekelund-(e7ke at etek.chalmers.se)-[01.06.01 21:47]:
> Is there any protocols for checking email that doesn't use
> plaintext password. I haven't even been able to figure out if pop3 uses
> plaintext passwords, I think it does but I'm not sure or if there is any
> way to make it use some good form of encrypted passwords...
# grep pop3s /etc/services
pop3s 995/tcp spop3 # pop3 protocol over TLS/SSL
pop3s 995/udp spop3 # pop3 protocol over TLS/SSL
Check out sslwrap http://www.rickk.com/sslwrap/ to do those :)
Works also for:
https 443/tcp # http protocol over TLS/SSL
smtps 465/tcp # smtp protocol over TLS/SSL
nntps 563/tcp # nttp protocol over TLS/SSL
telnets 992/tcp # telnet protocol over TLS/SSL
imaps 993/tcp # imap4 protocol over TLS/SSL
ircs 994/tcp # irc protocol over TLS/SSL
ftps-data 989/tcp # ftp protocol, data, over TLS/SSL
ftps 990/tcp # ftp protocol, control, over TLS/SSL
> Also, are there any email programs (MDA's and MTA's mainly) that anyone
> can recomend on the basis of security? I'm setting up qmail right now,
> since sendmail seems to have to many exploits...
I think that's only true for older sendmails - the newer ones were never
really buggy (or not that I know of ;).
I don't like qmail, because I heard Dan Bernstein is a little paranoid
;-) - It looks like he does what he wants, not what other find correct.
Next one I'll try is postfix from Wietse Venema (who is a name you
should know in security world :)
Unsubscribe: send email to lfs-security-request at linuxfromscratch.org
and put unsubscribe in the subject header of the message
More information about the lfs-security