1. Forum
  2. Fidonet
  3. WINDOWS

  • pop3/110 non-SSL?

    From August Abolins@2:221/1.58 to All on Mon Feb 6 09:39:00 2023
    I've been reading a bit about the 995/SSL/pop3 issue. it seems
    that not using SSL is more of a problem when using public-wifi.

    My connections to the ISP are direct, either mobile or DSL.

    I'm not sure that pop3/110 sends a password in the clear.

    smtp/465/SSL is the login mechanism, no?

    --
    ../|ug

    --- OpenXP 5.0.57
    * Origin: (2:221/1.58)
  • From Stephen Walsh@3:633/280 to August Abolins on Tue Feb 7 10:19:30 2023

    Hello August!

    06 Feb 23 09:39, you wrote to all:

    My connections to the ISP are direct, either mobile or DSL.

    I'm not sure that pop3/110 sends a password in the clear.

    Yes they are in the clear.


    smtp/465/SSL is the login mechanism, no?

    There is also another tab you can check and that's the "Outgoing Server" tab, the option there to turn on is "My server requires Authorization".
    Then use "same as incoming".






    Stephen


    --- GoldED+/LNX 1.1.5-b20220409
    * Origin: Dragon's Lair BBS, Telnet: dragon.vk3heg.net (3:633/280)
  • From August Abolins@2:221/1.58 to Stephen Walsh on Mon Feb 6 19:36:00 2023
    Hello Stephen!

    I'm not sure that pop3/110 sends a password in the clear.

    Yes they are in the clear.

    Definitely, I should definately avoid Outlook then. But I also
    use Mailwasher to preview server mail status; MW doesn't seem
    to have any secure port settings at all. :(

    I don't really travel with my XP laptop anymore; it just sits
    at home. I understand that most of these in-the-clear pw
    sessions are primarily a concern over public wifi.


    smtp/465/SSL is the login mechanism, no?

    There is also another tab you can check and that's the
    "Outgoing Server" tab, the option there to turn on is "My
    server requires Authorization". Then use "same as
    incoming".

    I have about 4 email accounts that I use with the server. A
    couple of them are configured to use the "requires
    Authorization". But SSL/995/pop3 stil doesn't cooperate.

    --
    ../|ug

    --- OpenXP 5.0.57
    * Origin: (2:221/1.58)
  • From Real User@1:103/705 to All on Sun Mar 5 09:41:59 2023
    On 2023-02-07, August Abolins <august.abolins@2> wrote:

    Hello Stephen!

    I'm not sure that pop3/110 sends a password in the clear.

    Yes they are in the clear.

    Definitely, I should definately avoid Outlook then. But I also
    use Mailwasher to preview server mail status; MW doesn't seem
    to have any secure port settings at all. :(

    I don't really travel with my XP laptop anymore; it just sits
    at home. I understand that most of these in-the-clear pw
    sessions are primarily a concern over public wifi.


    smtp/465/SSL is the login mechanism, no?

    There is also another tab you can check and that's the
    "Outgoing Server" tab, the option there to turn on is "My
    server requires Authorization". Then use "same as
    incoming".

    I have about 4 email accounts that I use with the server. A
    couple of them are configured to use the "requires
    Authorization". But SSL/995/pop3 stil doesn't cooperate.

    --
    ../|ug

    --- OpenXP 5.0.57
    * Origin: (2:221/1.58)

    Try Retrozilla, I think it came with a mail client.
    You can enable up to TLS v1.3 with a setting in about:flags
    from a web I found somewhere:

    "To anyone who may read this post, Retrozilla does support AES-GCM
    cipher suites, but you need to enable them through about:config. search
    "security.ssl3" then create a new Boolean
    "security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256" and
    "security.ssl3.ecdhe_rsa_aes_128_gcm_sha256". Retrozilla works very
    well, and I'm excited for the next version (especially a 3.0 release)."

    Get retrozilla:

    http://piteusz.ovh/files/windows/9x-nt/
    --- SBBSecho 3.20-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)