Re: [exim] POP3 authentication

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMJeremy Harris at <-
MIan Eiloart at ->
Delete this message
Reply to this message
Author: 韓家標 Bill Hacker
Date:  
To: exim users
Subject: Re: [exim] POP3 authentication
Pablo Baldovi wrote:
> Hello,
> I have a question for them.
> It happens that the configuration that authenticates the user with a good connection on POP3, when done in an organization, malicious anyonecan after a successful connection, change the configuration of your mail client and send mail as another person correct.
> Is there any way to fix this in a shared environment? (I hired a shared hosting plan)
>
> Thank you very much for your comments.
>
>
> Pablo Baldovi
> pbaldovi@???
>
>
>

SMTP auth based on prior successful POP (or IMAP) auth WAS a
'convenience' for admin setup's sake. I never liked it, went to
independent auth (and credentials, FWIW) 'many moons ago'.

YMMV.

But NEITHER is any assurance that, for example, any WinLuser's MUA won't
get compromised - thereby handing-over either/both sets of credentials.

From time to time, they most assuredly WILL do.

You just have to take steps to watch for the signs of that and have a
rapid means of fixing it.

Bill
--
韓家標

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] POP3 authentication[exim] If user authenticated and domain local check valid recipient->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)