On Fri, 12 Dec 2008 00:51:23 +0100, Sam Varshavchik <mrs...@courier-mta.com> wrote:
Martin Strand writes:
Using courier-pop3d, is there any way to disable simple USER/PASS login so that only AUTH login with CRAM-SHA1 works?
I tried setting POP3DAUTH="CRAM-SHA1" but USER/PASS still works...
USER/PASS is always permitted. There is no toggle to turn it off.
Does anyone have any good tips on how to work around this at the moment?
Is there perhaps a way to configure a set of "banned" commands?
Maybe I could write a small pop3 proxy in Perl and intercept any USER/PASS commands?
As someone pointed out, SSL would make more sense but unfortunately that's not an option in this case.