---

---

Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca © Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ® 276 Securing IMAP/POP Do you really need IMAP/POP service? Be aware that IMAP/POP programs use plaintext passwords by default. Anyone running a sniffer program along your network path can grab your username/password and use them to log in as you. It’s not because you use an IMAP/POP mail reader on your LINUX system mean you need to run an IMAP/POP server locally. Check your configuration and if you use a remote/external IMAP/POP server then uninstall IMAP/POP on your system. Using SSL capabilities over IMAP/POP Unfortunately, due to US government export restrictions, IMAP toolkit with SSL capability is currently not available. There are packages available from third parties that allow IMAP and POP3 sessions through SSL. One of these packages is WebMail IMP, a web interface that permits you to read your mail via the Internet with a web browser. WebMail IMP uses the SSL protocol to encrypt the communication with the IMAP/POP server. See the part IV  “Software’s- Related Reference” in chapter 19 “Servers Software (Web Network Services)” for more information on the topic.