Re: [exim] What's the best way to secure both SMTP and POPa…

Top Page
Delete this message
Reply to this message
Author: jtelep
Date:  
To: Bruno S. Delbono
CC: exim-users
Old-Topics: Re: [exim] What's the best way to secure both SMTP and POP authentication?
Subject: Re: [exim] What's the best way to secure both SMTP and POPauthentication?
> * on the Tue, Jul 25, 2006 at 11:36:02AM -0400, jtelep@??? was
> tippering:
>> I am currently using AUTH PLAIN via SASL for SMTP and then TLS. I have
>> nothing currently in place to POP3 but I am just wondering, I mean, if
>> someone was doing any packet sniffing they could see the username and
>> password being passed because of the fact that I am using plain. What
>> is
>> the best and most secure way of preventing this for both SMTP and POP3
>> authentication?
>
> Use STARTTLS and an SSL enabled pop3 server (pop3s). It should fix these
> both
> problems. Instruct (not force) the users to use SSL when authenticating
> using
> SMTP-AUTH.
>
> Warm Regards.
>
> --
> Bruno Delbono
> Open-Systems Group Inc.
> http://www.open-systems.org/
> http://www.mail.ac/
> http://hub.mail.ac/
>
>
> --
> ## List details at http://www.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
>

SO the mail clients then should choose an option similar to "Use TLS, if
available" instead of just straight "TLS" for SMTP server settings and
this will also encrypt the actual authentication as well as the traffic
once the connection has been established?

Thanks,

Jon