Secure email

Thomas 'Balu' Walter tw at itreff.de
Fri Jun 1 14:04:49 PDT 2001


+-Kristoffer Ekelund-(e7ke at etek.chalmers.se)-[01.06.01 21:47]:
> Is there any protocols for checking email that doesn't use
> plaintext password. I haven't even been able to figure out if pop3 uses
> plaintext passwords, I think it does but I'm not sure or if there is any
> way to make it use some good form of encrypted passwords...

# grep pop3s /etc/services
pop3s           995/tcp    spop3        # pop3 protocol over TLS/SSL
pop3s           995/udp    spop3        # pop3 protocol over TLS/SSL

Check out sslwrap http://www.rickk.com/sslwrap/ to do those :)
Works also for:

https 443/tcp     # http protocol over TLS/SSL
smtps 465/tcp     # smtp protocol over TLS/SSL
nntps 563/tcp     # nttp protocol over TLS/SSL
telnets 992/tcp   # telnet protocol over TLS/SSL
imaps 993/tcp     # imap4 protocol over TLS/SSL
ircs 994/tcp      # irc protocol over TLS/SSL
ftps-data 989/tcp # ftp protocol, data, over TLS/SSL
ftps 990/tcp      # ftp protocol, control, over TLS/SSL

> Also, are there any email programs (MDA's and MTA's mainly) that anyone
> can recomend on the basis of security? I'm setting up qmail right now,
> since sendmail seems to have to many exploits...

I think that's only true for older sendmails - the newer ones were never
really buggy (or not that I know of ;).

I don't like qmail, because I heard Dan Bernstein is a little paranoid
;-) - It looks like he does what he wants, not what other find correct.

Next one I'll try is postfix from Wietse Venema (who is a name you
should know in security world :)

     Ba-secure-lu
-- 
Unsubscribe: send email to lfs-security-request at linuxfromscratch.org
and put unsubscribe in the subject header of the message




More information about the lfs-security mailing list