Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  news  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [thread-next>] [month] [year] [list] 
Date: Sun, 22 Dec 2002 09:52:06 -0600
From: James Olsen <jamesml@...netolsen.com>
To: popa3d-users@...ts.openwall.com
Subject: Question about using popa3d and stunnel

Hello everyone,

I currently using popa3d but would like to step up the security a
little bit on my system, notably trying to avoid sending passwords in
the clear to the server.

Additionally, I would also like to encrypt the messages as they are
sent to/from the server. Of course, I do realize that messages with
senders or recipients external to my box are still sent in the clear,
but at least messages with local senders/recipients will be encrypted
in transmission without needing PGP or SMIME.

After a bit of research, it seems that I can achieve both of these
goals by using stunnel to wrap pop3 transactions. So, I'm now in the
process of trying to set this up and test it.

I believe I have everything set up as properly as I can figure out,
but I'm still running into trouble. I am getting "popa3d[28274]:
Didn't attempt authentication" in the logs. I believe, though, my
client is authenticating as it did before with username and password.
I'm still trying to troubleshoot my configuration of stunnel and my
email client, but I'm hoping I might be able to get some helpful ideas
from someone who has already set up stunnel and popa3d.

If anyone has any suggestions, advice, alternatives, or sample
configurations I'd love to hear about them.

Thank you all for your time, it is greatly appreciated.

--James

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux