Hi all, I'm looking into using IMAP on my linux server, and noticed that after I installed the imapd rpm, and looked in /etc/inetd.conf, I saw the lines: # Imapd - Interactive Mail Access Protocol server # Attention: This service is very insecure # imap stream tcp nowait root /usr/sbin/tcpd imapd Now I'm concerned, because it says that it is insecure. I thought a lot of people use imap? Why do they if it is insecure? What is insecure about it? Thanks for any help, -Steven
Steven Hatfield wrote:
Hi all, I'm looking into using IMAP on my linux server, and noticed that after I installed the imapd rpm, and looked in /etc/inetd.conf, I saw the lines:
# Imapd - Interactive Mail Access Protocol server # Attention: This service is very insecure # imap stream tcp nowait root /usr/sbin/tcpd imapd
Now I'm concerned, because it says that it is insecure. I thought a lot of people use imap? Why do they if it is insecure? What is insecure about it?
Hi Steven, AFAIK, the passwords for IMAP login are transmitted in the clear. That's why it's insecure. You can try "wrapping" it with something like SSLwrap (it's what I use). The URL is: http://www.rickk.com/sslwrap/ Good Luck, Richard -- << "I do not feel obliged to believe that >> << the same God who has endowed us >> << with sense, reason, and intellect has >> << intended us to forgo their use." >> --Galileo Galilei ---***---***---***---***---***---***---***---***---***---***---***--- Richard Witt Phone: (330) 672-0096 Dept. of Physics, Kent State University Email: witt@cnr2.kent.edu ---***---***---***---***---***---***---***---***---***---***---***---
Richard Witt wrote:
Steven Hatfield wrote:
Hi all, I'm looking into using IMAP on my linux server, and noticed that after I installed the imapd rpm, and looked in /etc/inetd.conf, I saw the lines:
# Imapd - Interactive Mail Access Protocol server # Attention: This service is very insecure # imap stream tcp nowait root /usr/sbin/tcpd imapd
Now I'm concerned, because it says that it is insecure. I thought a lot of people use imap? Why do they if it is insecure? What is insecure about it?
Hi Steven,
AFAIK, the passwords for IMAP login are transmitted in the clear. That's why it's insecure. You can try "wrapping" it with something like SSLwrap (it's what I use). The URL is:
Good Luck, Richard
But the same thing can be said about pop3, ftp and telnet, yet these services in inetd.conf don't elicit a Big Ass Warning(tm) as does imapd. It is pretty strange, don't you think? Thanks for your input though, I indeed read about the "user info in the clear" on a how-to site. SSL might be in order, if I don't find out any more info why not to use imap. Thanks, -Steven
participants (2)
-
Richard Witt
-
Steven Hatfield