[pmmail-list] wish list: SSL and address book enhancement

[Kenneth Porter]

On Wed, 28 Mar 2001 13:09:35 +0200, Thilo Hilpert wrote:

>IMHO there is so far no way to do encrypted password transfer in
>PMMail. Is SSL support planned or could it be set on the wish list?

PMMail has APOP, provided that your POP3 server supports it. Alas, only
one of my 4 accounts supports it, and that's the one where I maintain
the mail server. (It's running qpopper on Red Hat 6.)

APOP uses a challenge-response scheme. The server supplies a value
based on the time of connection in its welcome banner. The client (eg.
PMMail) uses this to MD5-encrypt the password and, instead of using the
PASS command, uses the APOP command to submit the encrypted password.

Note that APOP only protects the password. To protect message bodies,
you still need SSL wrapping the whole connection. With SSL, you don't
really need APOP.

The same tunnel mechanism used on clients can be deployed on servers.
The POP3 server can be run on a second port (SPOP3, port 995) through a
tunnel, so the server software itself need not have SSL support. The
newest qpopper, version 4 "LX", has integrated SSL support.

Home page for qpopper is http://www.qpopper.org. The free version (v3)
can be found through a link at the bottom of the page.

Ken
mailto:shiva@well.com
http://www.sewingwitch.com/ken/
[If answering a mailing list posting, please don't cc me your reply. I'll take my answer on the list.]



- pmmail-list - The PMMail Dicussion List ---------------------------
To UNSUBSCRIBE, send a message to mdaemon@bmtmicro.com with the first 
line of the message body being...
UNSUBSCRIBE pmmail-list@blueprintsoftwareworks.com