* Ron Johnson ([EMAIL PROTECTED]) [041201 12:40]: > On Wed, 2004-12-01 at 22:25 +1100, Matthew Palmer wrote: > > On Wed, Dec 01, 2004 at 05:17:33AM -0600, Ron Johnson wrote: > > > On Wed, 2004-12-01 at 11:04 +0000, Steve McIntyre wrote: > > > > So, let me get this straight - fakepop will allow people to log in > > > > (using their username and password) in the clear and THEN tell them > > > > that they should have used POP over SSL instead. Quite how is this > > > > better than "connection refused"?
> > > Read the description: > > > "You can customize messages in /etc/fakepop/ directory to teach > > > your users how they should configure their mail clients to use > > > pop3-ssl instead of pop3" > > So I can put "All your mail is belong to us" in my /etc/fakepop/ directory, > > so that people know that their passwords *have* been successfully sent in > > the clear before being told to reconfigure their mail client? Well, *I'm* > > comforted. > But since the password isn't valid, does it make much difference? > > For example, my pop3 password isn't the same as my GnuPG passphrase. Well, but the probability that users who mis-use pop3 instead of pop3-ssl use their pop3-ssl password for pop3 is quite high. Cheers, Andi -- http://home.arcor.de/andreas-barth/ PGP 1024/89FB5CE5 DC F1 85 6D A6 45 9C 0F 3B BE F1 D0 C5 D1 D9 0C
