Re: [courier-users] disable USER/PASS login? - Martin Strand - net.sourceforge.lists.courier-users

6 messages in net.sourceforge.lists.courier-usersRe: [courier-users] disable USER/PASS...

From	Sent On	Attachments
Martin Strand	Dec 11, 2008 8:10 am
Toma Daniel	Dec 11, 2008 9:06 am
Sam Varshavchik	Dec 11, 2008 3:51 pm
Martin Strand	Dec 11, 2008 4:49 pm
Sam Varshavchik	Dec 11, 2008 7:05 pm
Martin Strand	Dec 11, 2008 11:28 pm

Subject:	Re: [courier-users] disable USER/PASS login?
From:	Martin Strand (do.n...@gmail.com)
Date:	Dec 11, 2008 4:49:04 pm
List:	net.sourceforge.lists.courier-users

On Fri, 12 Dec 2008 00:51:23 +0100, Sam Varshavchik <mrs...@courier-mta.com>
wrote:

Martin Strand writes:

Using courier-pop3d, is there any way to disable simple USER/PASS login so that
only AUTH login with CRAM-SHA1 works? I tried setting POP3DAUTH="CRAM-SHA1" but USER/PASS still works...

USER/PASS is always permitted. There is no toggle to turn it off.

Thanks. Does anyone have any good tips on how to work around this at the moment? Is there perhaps a way to configure a set of "banned" commands? Maybe I could write a small pop3 proxy in Perl and intercept any USER/PASS
commands?

As someone pointed out, SSL would make more sense but unfortunately that's not
an option in this case.

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets