Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

POP3/EXIM plain text password (PCI Compliance)

Discussion in 'General Discussion' started by kmpanilla, Apr 2, 2008.

  1. kmpanilla

    kmpanilla Member

    Oct 24, 2003
    Likes Received:
    Trophy Points:
    Been running a PCI compliance scanner on our box and it complains about plain text password authentication being available for pop3 and sending mail.

    So I'm wondering what are the steps for turning up cram-md5 or some secure password authentication methods for exim and pop3 for non-SSL connections?

    Seems like a big pain to move all my users over to SSL or a SPA method. Anybody have any suggestions, or can I fight back on these two "issues"?
  2. chirpy

    chirpy Well-Known Member

    Jun 15, 2002
    Likes Received:
    Trophy Points:
    Go on, have a guess
    POP3 authentication is to the courier-imap package and nothing to do with exim. The configuration files four courier-imap are in /usr/lib/courier-imap/etc/ and the pertinent one is likely to be:


    This seems to suggest that the various encrypted logins should be available.

    That said, changing over to simply using POP3 over SSL is no more difficult that changing over to use encrypted password authentication in most email clients.
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice