The Community Forums

Interact with an entire community of cPanel & WHM users!

POP3/EXIM plain text password (PCI Compliance)

Discussion in 'General Discussion' started by kmpanilla, Apr 2, 2008.

  1. kmpanilla

    Been running a PCI compliance scanner on our box and it complains about plain text password authentication being available for pop3 and sending mail.

    So I'm wondering what are the steps for turning up cram-md5 or some secure password authentication methods for exim and pop3 for non-SSL connections?

    Seems like a big pain to move all my users over to SSL or a SPA method. Anybody have any suggestions, or can I fight back on these two "issues"?
     
  2. chirpy

    POP3 authentication is to the courier-imap package and nothing to do with exim. The configuration files for courier-imap are in /usr/lib/courier-imap/etc/ and the pertinent one is likely to be:

    /usr/lib/courier-imap/pop3d

    This seems to suggest that the various encrypted logins should be available.

    That said, changing over to simply using POP3 over SSL is no more difficult than changing over to use encrypted password authentication in most email clients.
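
Added example, not part of the thread: a check of what a POP3 service advertises on its non-SSL port, which is the condition the scanner in the first post reports. The function names and the sample CAPA responses are constructed for illustration; `fetch_capa` is meant to be pointed at your own server.

```python
import socket

# SASL mechanisms that transmit the password itself (base64 is not encryption).
PLAINTEXT_SASL = {"PLAIN", "LOGIN"}

def parse_capa(response: str) -> dict:
    """Parse a multi-line POP3 CAPA response (RFC 2449) into {TAG: [args]}."""
    lines = response.replace("\r\n", "\n").split("\n")
    if not lines[0].startswith("+OK"):
        raise ValueError("server rejected CAPA: " + lines[0])
    caps = {}
    for line in lines[1:]:
        if line == ".":          # end of the multi-line response
            break
        if line.strip():
            tag, *args = line.split()
            caps[tag.upper()] = [a.upper() for a in args]
    return caps

def audit(caps: dict) -> dict:
    """Report which login methods are offered before any TLS is negotiated."""
    sasl = set(caps.get("SASL", []))
    found = {
        "user_pass": "USER" in caps,  # USER/PASS sends the password in clear
        "plaintext_sasl": sorted(sasl & PLAINTEXT_SASL),
        "challenge_response": sorted(m for m in sasl if m.startswith("CRAM-")),
        "stls": "STLS" in caps,       # upgrade to TLS is available
    }
    found["cleartext_password_possible"] = (
        found["user_pass"] or bool(found["plaintext_sasl"]))
    return found

def fetch_capa(host: str, port: int = 110, timeout: float = 10.0) -> str:
    """Ask a live server for its capabilities without logging in."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        f = sock.makefile("rwb")
        f.readline()                              # discard the greeting
        f.write(b"CAPA\r\n"); f.flush()
        out = []
        while True:
            line = f.readline().decode("ascii", "replace").rstrip("\r\n")
            out.append(line)
            if line in (".", "") or not out[0].startswith("+OK"):
                break
        f.write(b"QUIT\r\n"); f.flush()
    return "\n".join(out)

# Constructed sample responses (not captured from a real server).
SAMPLE_WEAK = "+OK Capabilities\r\nSASL LOGIN CRAM-MD5 CRAM-SHA1\r\nSTLS\r\nTOP\r\nUSER\r\nUIDL\r\n.\r\n"
SAMPLE_HARDENED = "+OK Capabilities\r\nSASL CRAM-MD5\r\nSTLS\r\nTOP\r\nUIDL\r\n.\r\n"
```

A server can accept USER/PASS without listing the USER capability, so a clean result from CAPA alone is not proof that cleartext login is refused.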
     