Securing-Optimizing-RH-Linux-1_2_276
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®
276
Securing IMAP/POP
Do you really need IMAP/POP service?
Be aware that IMAP/POP programs use plaintext passwords by default. Anyone running a sniffer
program along your network path can grab your username/password and use them to log in as
you. Its not because you use an IMAP/POP mail reader on your LINUX system mean you need
to run an IMAP/POP server locally. Check your configuration and if you use a remote/external
IMAP/POP server then uninstall IMAP/POP on your system.
Using SSL capabilities over IMAP/POP
Unfortunately, due to US government export restrictions, IMAP toolkit with SSL capability is
currently not available. There are packages available from third parties that allow IMAP and
POP3 sessions through SSL. One of these packages is WebMail IMP, a web interface that
permits you to read your mail via the Internet with a web browser. WebMail IMP uses the SSL
protocol to encrypt the communication with the IMAP/POP server. See the part IV Softwares-
Related Reference in chapter 19 Servers Software (Web Network Services) for more
information on the topic.