Re: [exim] What's the best way to secure both SMTP and POP …

Top Page
Delete this message
Reply to this message
Author: Bruno S. Delbono
Date:  
To: jtelep
CC: exim-users
New-Topics: Re: [exim] What's the best way to secure both SMTP and POPauthentication?
Subject: Re: [exim] What's the best way to secure both SMTP and POP authentication?
* on the Tue, Jul 25, 2006 at 11:36:02AM -0400, jtelep@??? was tippering:
> I am currently using AUTH PLAIN via SASL for SMTP and then TLS. I have
> nothing currently in place to POP3 but I am just wondering, I mean, if
> someone was doing any packet sniffing they could see the username and
> password being passed because of the fact that I am using plain. What is
> the best and most secure way of preventing this for both SMTP and POP3
> authentication?


Use STARTTLS and an SSL enabled pop3 server (pop3s). It should fix these both
problems. Instruct (not force) the users to use SSL when authenticating using
SMTP-AUTH.

Warm Regards.

--
Bruno Delbono
Open-Systems Group Inc.
http://www.open-systems.org/
http://www.mail.ac/
http://hub.mail.ac/