At 8:25 PM -0700 7/31/03, bcl wrote:
> If I understand you correctly you are proposing having APOP fall back to
> POP3 when it isn't available from the server? The problem I have with that
> is that fetchmail will then be revealing passwords in the clear without the
> express configuration of the admin. When I set it up for APOP I don't expect
> my passwords to be going across the link, no matter what.

No, what I'm suggesting is that APOP really should be an
authorization mechanism, not a protocol (since that's what it is).
If you do a protocol of POP3 and auth of ANY, then APOP ought to get
tried somewhere in there (probably after cram-md5 and before
password). If you specify APOP explicitly, then you'll either get
it, or get a failure. That doesn't change.
--
Kee Hinckley
http://www.messagefire.com/ Anti-Spam Service for your POP Account
http://commons.somewhere.com/buzz/ Writings on Technology and Society
I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.
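
The selection order discussed in the message above, as an added example that is not part of the original message and is not fetchmail's code: with auth "any", APOP is tried after cram-md5 and before password, while an explicit "apop" either succeeds or fails without sending the password in the clear. The function names and the "any"/"apop"/"cram-md5"/"password" strings are assumptions chosen for illustration; the greeting and secret are the worked example from RFC 1939.

```python
import hashlib
import re

# Order for auth "any", taken from the message: cram-md5, then APOP, then password.
ANY_ORDER = ("cram-md5", "apop", "password")


class AuthUnavailable(Exception):
    """The explicitly configured mechanism is not offered by the server."""


def apop_timestamp(greeting):
    """Return the <...@...> timestamp from a POP3 greeting, or None (RFC 1939)."""
    match = re.search(r"<[^<>@\s]+@[^<>@\s]+>", greeting)
    return match.group(0) if match else None


def offered_mechanisms(greeting, sasl_mechs):
    """Mechanisms usable on this connection; USER/PASS is assumed always present."""
    offered = {"password"}
    if apop_timestamp(greeting):
        offered.add("apop")
    if any(m.upper() == "CRAM-MD5" for m in sasl_mechs):
        offered.add("cram-md5")
    return offered


def choose_auth(configured, greeting, sasl_mechs=()):
    """Pick a mechanism; an explicit choice never downgrades to another one."""
    offered = offered_mechanisms(greeting, sasl_mechs)
    if configured == "any":
        return next(m for m in ANY_ORDER if m in offered)
    if configured in offered:
        return configured
    raise AuthUnavailable(f"{configured} requested but not offered; not falling back")


def apop_command(user, secret, greeting):
    """Build the APOP line: MD5 over timestamp + shared secret, hex encoded."""
    timestamp = apop_timestamp(greeting)
    if timestamp is None:
        raise AuthUnavailable("greeting carries no APOP timestamp")
    digest = hashlib.md5((timestamp + secret).encode("ascii")).hexdigest()
    return f"APOP {user} {digest}"


# Greeting and secret are the worked example from RFC 1939, section 7.
GREETING = "+OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>"
if __name__ == "__main__":
    print(choose_auth("any", GREETING), apop_command("mrose", "tanstaaf", GREETING))
```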