At 20:24 05/01/00 -0500, Subba Rao wrote:
>>All my users use fetchmail to get mail from my ISP's POP server.
>For lack of resources, I cannot put a pop server on my box.
>>What is the best way to protect my users passwords from being sniffed?
>Can a user use an encrypted tunnel to send the userid and password to
>the pop server?
>>Any pointers and experiences appreciated.
How limited are your resources? A pop server would not take much.
I don't know of any pop servers (or clients) that know about encryption.
The only way to do this is to use ssh to forward all connections over a
secure tunnel between your server and a server on the ISP's network, but
this would mean getting them to run sshd for you on one of their machines -
unlikely.
Does the pop server belong to the ISP you dial into? If so then your
password will basically travel up the phone line and straight into pop
server. The only people who could do any sniffing are the ISP staff
themselves and they don't need your password, they've probably had a good
laugh at your highly personal emails already!
Fergal
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
