Re: [TCLUG:8010] IMAP vs POP3

To: tclug-list@mn-linux.org
Subject: Re: [TCLUG:8010] IMAP vs POP3
From: Peter Lukas <peter@math.umn.edu>
Date: Mon, 30 Aug 1999 15:28:40 -0500 (CDT)
In-Reply-To: <37CAE080.E46A4DCE@tc.umn.edu>

They're both rather insecure methods of transfering mail.  IMAP is
generally regarded as a strict no-no among the extremely paranoid.  The
ideal method would be to wrap either POP or IMAP with ssh using the magic
of port forwarding.  It's not all that practical for the average user, but
it does guarantee encrypted transmission of username/password and e-mail
(not to mention some pretty decent compression).

It's rather easy to set up under unix and windows environments.  There are
free windows SSH clients that allow port forwarding which could then be
combined with a pop/imap mail client.  Shell access may be required, but
in theory, the time it takes for login to say "you don't have shell access
here", the forwarding session could be established and the mail could be
securely downloaded to the client application.  It's about as simple as
this from the command line:

$ ssh popusername@pop.server.com -L 30110:pop.server.com:110

It is possible to forward the real POP-3 or IMAP ports, but it must be
done as root since they both live on privelaged ports.  The mail client
will need to be informed of this change by pointing it at 127.0.0.1:30110
as the pop server.  Until M$ figures out how a IP stack works, the average
user can forward and manipulate privelaged ports.

Peter Lukas

On Mon, 30 Aug 1999, Troy Johnson wrote:

> Bob,
> 
> Security-wise, IMAP should be a lot worst off simply because POP3 is
> more mature and POP3's job is less complicated. It might also be worse
> off because most POP3 clients delete mail from the server by default,
> making for fewer clueless user questions regarding mail quotas. 
> 
> The main cool thing for me regarding IMAP would be concurrent access to
> multiple email boxes from one client, but it's not that big of a deal.
> The other frills (for me) aren't necessary.
> 
> Troy
> 
> Bob Tanner wrote:
> > IMAP vs POP3
> > I have read the POP3 vs IMAP at http://www.imap.org/imap.vs.pop.brief.html but
> > they do not address security. I have seen lots of stuff on BUGTRAQ on IMAP
> > holes, so I am asking the community for feedback on running IMAP.
> > Thanks.
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tclug-list-unsubscribe@mn-linux.org
> For additional commands, e-mail: tclug-list-help@mn-linux.org
> 
>

Follow-Ups:
- Re: [TCLUG:8010] IMAP vs POP3
  - From: Eric Estabrooks <eric@urbanrage.com>
- RE: [TCLUG:8010] IMAP vs POP3
  - From: "Eric Hillman" <ehillman@cccu.com>

References:
- Re: [TCLUG:8010] IMAP vs POP3
  - From: Troy Johnson <john1536@tc.umn.edu>

Prev by Date: RE: [TCLUG:8008] kernel compile HOWTO
Next by Date: case sensitive cdrom
Prev by thread: Re: [TCLUG:8010] IMAP vs POP3
Next by thread: RE: [TCLUG:8010] IMAP vs POP3
Index(es):
- Date
- Thread