[luau] Re: imap
Eric Jeschke
jeschke at portcullis.uhh.hawaii.edu
Thu Sep 26 10:25:00 PDT 2002
vanilla imap is an insecure protocol, unless you only run it in secure
mode (imaps, port 993). If anyone sniffs your regular unencrypted imap
traffic they will not only be able to intercept your email, but possibly
to login to your account (e.g. if you have ssh enabled and are only
requiring password authentication (another good reason to require key
authentication)). This does not apply if the account does not allow
remote logins (e.g. cyrus imap).
I HIGHLY recommend that if you access imap to a login account over the
internet that you run it in secure mode, tunnel it over ssh, or in some
way secure it.
***Note that this applies to squirrelmail over regular http too***. You
should only run squirrelmail over secure http (https). On our server
we do not allow squirrelmail to be accessed via http, only https.
--Eric
--
Eric Jeschke
http://cs.uhh.hawaii.edu/~jeschke
On Thu, 26 Sep 2002 luau-request at videl.ics.hawaii.edu wrote:
| From: Jim <jim at jimroby.com>
| To: luau at videl.ics.hawaii.edu
| Subject: Re: [luau] Multiple E-Mail Accounts in KMail
|
| I used IMAP for years on Win with Pine,but shopping for a new ISP
| (Big Island)I found very few will allow it; most claim security...they
| don't want you logged on to the mail server.Even my old ISP Aloha.net
| changed things and made it very painful to use IMAP,if you were reading
| for a period the server would break connection,although POP3 was fast
| and friendly.Mozilla supports IMAP.
|
| Eric Hattemer wrote:
| > Any email client should put imap accounts into separate folders. I know
| > OE, NS, eudora, kmail, evolution all do. See if your mail servers
| > support imap. Its a neat protocol, and most mail providers prefer you
| > to use it. ----snip----
More information about the LUAU
mailing list