Securing E-mail Services (POP3 and IMAP)
Perhaps even more of a risk than Telnet for password sniffing (but a little harder to defend against) is the cleartext nature of POP3 and IMAP. If your users have set their e-mail clients to connect to the server every five minutes or so to check for new messages, a plainly visible login and password transaction occurs with each one of these connections, resulting in an even higher likelihood of password compromises—especially because these services send their sensitive data at predictable, regular intervals. If you're enforcing SSH rather than Telnet on your server, it's in your interest to do the same for your e-mail services.
We talked in Chapter 25 about how to secure the qpopper program to use the ...
Get FreeBSD® Unleashed now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.