From owner-freebsd-questions Tue Nov 7 18: 0:57 2000 Delivered-To: freebsd-questions@freebsd.org Received: from guru.mired.org (okc-27-149-77.mmcable.com [24.27.149.77]) by hub.freebsd.org (Postfix) with SMTP id 1726437B479 for ; Tue, 7 Nov 2000 18:00:55 -0800 (PST) Received: (qmail 10872 invoked by uid 100); 8 Nov 2000 02:00:54 -0000 From: Mike Meyer MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <14856.46038.640800.870554@guru.mired.org> Date: Tue, 7 Nov 2000 20:00:54 -0600 (CST) To: Greg Lehey Cc: questions@freebsd.org Subject: Pop passwords (Was: Recent Virus Attacks) In-Reply-To: <65712050@toto.iv> X-Mailer: VM 6.75 under 21.1 (patch 10) "Capitol Reef" XEmacs Lucid X-face: "5Mnwy%?j>IIV\)A=):rjWL~NB2aH[}Yq8Z=u~vJ`"(,&SiLvbbz2W`;h9L,Yg`+vb1>RG% *h+%X^n0EZd>TM8_IB;a8F?(Fb"lw'IgCoyM.[Lg#r\ Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Greg Lehey types: > On Thursday, 2 November 2000 at 22:39:16 -0600, Jusitn W. Pauler wrote: > > I use fetchmail to download mail to sendmail and cucipop to allow me > > to grab it from my windows box. > If I'm not mistaken, both of these programs send your passwords in the > clear. Not a good idea. Both POP and IMAP protocols have features that let you avoid sending passwords in the clear. Fetchmail implements a fair collection of them from the client side. I'm not sure what cucipop supports from the server side. In this case, cucipop is apparently running on the local network, which should be shielded from prying eyes.