Do you offer standard POP3 service?
Is it encrypted?
If not, you've got passwords going over in cleartext anyway.
Not to mention that unless you are the CIA no one is going to try and
bother sniffing passwords anyway..
SSL (HTTPS/etc) is often more of a waste of effort than not.
Sure, So called 'E-commerce' sites have to have it for appearances sake
(ONLY), but more often than not the credit card number that was
received over https in a very short TCP session is then emailed in the
clear to the person receiving the orders, where it sits in a mailbox
for some time.
On Tue, 13 Feb 2001, Donald Thompson wrote:
> I've implemented TLS on my mail server for mail clients using SMTP
> Authentication. And it works flawlessly for Netscape 4.76 clients.
> But life can never be so simple. Outlook 2000 appears to be a different story.
> Either I'm not getting the configuration in the client right, or Outlook 2000
> is just plain broke. I'm sure it works perfectly with exchange server.
>
> So for outlook clients, I'm back to my old standby of using stunnel for
> ssmtp. This is fine, I don't really care whats used as long as I don't
> have clear text passwords going over the internet. This puts me in a
> predicament with relaying though, and I'm wondering if other people just
> think I'm being paranoid, or maybe they know how to get outlook 2000
> working with TLS, or more than likely theres just gotta be a better way
> than how I'm doing it.
>
> The way I originally setup stunnel was to have it catch encrypted
> connections on port 465 and redirects them to localhost port 25. Exim sees
> this as a local connection, so it drops any requirement for doing
> authentication in order to relay. I could force authentication on
> 127.0.0.1 but I have a feeling I'll spend a day fixing everything
> that uses localhost. So..the horrendous workaround I came up with is this:
>
> Setup an IP alias on eth0:1 (its a linux box) as 192.168.10.10.
> Have stunnel run the ssmtp connection from port 465 to 192.168.10.10 port
> 25. Exim sees it as a non-local address and forces the client to
> authenticate in order to relay. Problem fixed. The outlook clients hang
> for about 15 seconds during the send operation, but I'm hoping this will
> never be seen since this usually runs in the background for outlook users.
>
> To me this doesn't appear to be any worse than running a seperate exim
> process on a different port which always requires authentication, and
> having stunnel route to it. But I still hate it because theres so many
> steps I have a feeling it'll break a lot. Am I wrong? Anyone have a better
> way?
>
> -Don
>
>
> --
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
>
--
