On Jan 31, 2005, at 4:12 PM, Josh Wisenbaker wrote:
Sounds like you need to enable PLAIN authentication for Squirrelmail
to work.
Bleh!
I just configure SquirrelMail to use MD5.
josh
And of course you _still_ need SSL since the browser will send the pass
clear otherwise for SquirrelMail to encrypt into MD5.
The thought that I often see is that the connection between
SquirrelMail running on the server is local and therefore more secure,
which is true to a limited degree. The problem is that there isn't a
real easy way to say local connections can be PLAIN, but someone
running Mail on a remote Mac has to use MD5. It's really an all or
nothing sort of deal.
So:
1. SSL for webmail
2. At least MD5 for IMAP
And that still just secures the login. Without SSL on the mail
transport it is still vulnerable to sniffing of the mail contents. So
just make sure you encrypt any sensitive mail that you send. Luckily
Apple made this really easy to do with Mail. :) Or use SSL for all of
it.
Josh
--
Josh Wisenbaker, ACSA
http://www.afp548.com
Breaking my server to save yours.
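
An added example, not part of the original message: what each of the two IMAP login mechanisms discussed above puts on the wire without SSL. The function names are made up for this sketch; "MD5" is taken to mean CRAM-MD5 (RFC 2195), and PLAIN is SASL PLAIN (RFC 4616).

```python
import base64
import hashlib
import hmac


def plain_initial_response(user, password):
    """SASL PLAIN: base64 of authzid NUL authcid NUL password (authzid empty)."""
    return base64.b64encode(f"\0{user}\0{password}".encode()).decode()


def decode_plain(b64):
    """What any reader of an unencrypted connection recovers from a PLAIN login."""
    _authzid, user, password = base64.b64decode(b64).decode().split("\0")
    return user, password


def cram_md5_response(user, password, challenge_b64):
    """CRAM-MD5: the client returns HMAC-MD5(password, challenge), never the password."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()


def server_verify(stored_password, challenge_b64, response_b64):
    """Server side: recompute the HMAC for the challenge it issued and compare."""
    user, _digest = base64.b64decode(response_b64).decode().split(" ", 1)
    expected = cram_md5_response(user, stored_password, challenge_b64)
    return hmac.compare_digest(expected, response_b64)


if __name__ == "__main__":
    # Constructed sample credentials and challenges, for illustration only.
    user, password = "alice", "correct horse"
    wire_plain = plain_initial_response(user, password)
    print("PLAIN on the wire:   ", wire_plain)
    print("PLAIN decoded:       ", decode_plain(wire_plain))

    for nonce in (b"<1111.1@mail.example.com>", b"<2222.2@mail.example.com>"):
        challenge = base64.b64encode(nonce).decode()
        wire_cram = cram_md5_response(user, password, challenge)
        # The response differs per challenge, so a captured login does not replay.
        print("CRAM-MD5 on the wire:", base64.b64decode(wire_cram).decode())
        print("server accepts:      ", server_verify(password, challenge, wire_cram))
```

Either way only the login exchange is covered; the message bodies that follow are readable unless the connection itself runs over SSL.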