* on the Tue, Jul 25, 2006 at 11:36:02AM -0400, jtelep@??? was tippering:
> I am currently using AUTH PLAIN via SASL for SMTP and then TLS. I have
> nothing currently in place to POP3 but I am just wondering, I mean, if
> someone was doing any packet sniffing they could see the username and
> password being passed because of the fact that I am using plain. What is
> the best and most secure way of preventing this for both SMTP and POP3
> authentication?
Use STARTTLS and an SSL enabled pop3 server (pop3s). It should fix these both
problems. Instruct (not force) the users to use SSL when authenticating using
SMTP-AUTH.
Warm Regards.
--
Bruno Delbono
Open-Systems Group Inc.
http://www.open-systems.org/
http://www.mail.ac/
http://hub.mail.ac/
