Question
What is APOP?
Am I able to configure this type of authentication in GMS?
Answer
If you have validated your UserID and Password against the POP3 server without using authentication, this does not give 100% protection against hackers who use programs that “sniff” passwords.
The reason this is not secure is because the password is sent across in plain text format.
APOP (Authenticated POP) is an extension of the standard POP3 protocol. Authenticating to a POP server will mean your userid and password are both encrypted by the client before being passed “over the Internet”.
The receiving server must then be able to decrypt the password.
If you are using an emulator such as Telnet to establish a POP connection, it is easy to determine if APOP has been enforced.
In addition to the standard greeting…”+OK POP3 server ready”, additional information is provided, such as…
+OK POP3 server ready <13541519300002@test.dom>
Using the options in Security > Connections you may:
- Disallow people from using APOP.
- Allow anyone to use APOP.
- Require everyone to use APOP.
APOP is not available for NT User Database accounts or accounts managed via the Authentication DLL.
For more information please see: NTMail Administrators Guide sections 10.1 & 12.4.
Keywords:APOP, security, authentication, POP