[Ti] apop and Panther Mail.app

Mark Johnson mkj at direcway.com
Sun Oct 3 12:44:40 PDT 2004



> 
> On Oct 3, 2004, at 3:10 AM, Chris Olson wrote:
> 
>> When the initial connection is made to a POP server, the server
>> displays a timestamp in its banner.  The client uses this timestamp to
>> create an MD5 hash string that is shared between the server and
>> client.  The next time the client connects to the server (e.g., to
>> check for new mail) it will issue a command (APOP) and the hash
>> string.  This reduces the number of times that a user's userid and
>> password are transmitted in clear text.
> 
> To clarify, I believe the challenge-response differs on each login and
> is based on a combination of the date/time and the user's password, but
> done in a way so that the user never has to send their actual password
> over the wire, but instead proves that they know it by complementing
> the server's hash.  That way they never have to send their password in
> clear text, not once.
> 
>> Tell your friend to tell the ISP's tech support person to get a clue,
>> and they could start by referring to the specification for POP3
>> servers which is covered in RFC 1725.
>
I tried this with my 2 email accounts and one gave me '-ERR authorization
first'; the other gave '-ERR invalid command'.
 
> mac2, basically it sounds like the person's ISP's POP3 server is
> basically advertising that it supports APOP when in fact it sounds like
> it does not.  You can confirm this by opening Terminal, typing 'telnet
> <mail server hostname> 110' and then when it greets you, typing 'CAPA'
> to get a list of the POP3 server's capabilities.  If you see 'APOP' in
> there, then something is fishy.
> 
> -- 
> Justin R. Miller
> incanus at codesorcery.net
> 
> _______________________________________________
> Titanium mailing list
> Titanium at listserver.themacintoshguy.com
> http://listserver.themacintoshguy.com/mailman/listinfo/titanium
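
The APOP exchange discussed in this thread, as an added example that is not part of the original message: the client pulls the timestamp out of the server's greeting, hashes it together with the shared secret using MD5, and sends only the digest. The greeting, user name and secret are the sample values from RFC 1939 (the successor to the RFC 1725 cited above); the function names are illustrative.

```python
import hashlib
import hmac
import re

# Sample values from the APOP example in RFC 1939, section 7.
GREETING = "+OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>"
USER, SECRET = "mrose", "tanstaaf"

# A server that offers APOP puts a msg-id style timestamp in its greeting.
_TIMESTAMP = re.compile(r"<[^<>\s]+@[^<>\s]+>")


def banner_timestamp(greeting):
    """Return the <...@...> timestamp from a +OK greeting, or None."""
    if not greeting.startswith("+OK"):
        return None
    match = _TIMESTAMP.search(greeting)
    return match.group(0) if match else None


def apop_command(greeting, user, secret):
    """Client side: build the APOP line; the secret itself is never sent."""
    timestamp = banner_timestamp(greeting)
    if timestamp is None:
        raise ValueError("no timestamp in greeting: server does not offer APOP")
    digest = hashlib.md5((timestamp + secret).encode("ascii")).hexdigest()
    return f"APOP {user} {digest}"


def server_verify(greeting, command, secrets):
    """Server side: recompute the digest from the stored secret and compare."""
    parts = command.split()
    if len(parts) != 3 or parts[0].upper() != "APOP":
        return False
    _, user, digest = parts
    if user not in secrets:
        return False
    expected = apop_command(greeting, user, secrets[user]).split()[2]
    return hmac.compare_digest(expected, digest.lower())


if __name__ == "__main__":
    line = apop_command(GREETING, USER, SECRET)
    print(line)
    print("accepted:", server_verify(GREETING, line, {USER: SECRET}))
    # A new connection gets a new timestamp, so the old line no longer verifies.
    later = "+OK POP3 server ready <1897.697170999@dbc.mtview.ca.us>"
    print("replayed later:", server_verify(later, line, {USER: SECRET}))
```

Because the digest depends on the per-connection timestamp, a captured APOP line is rejected on any later connection, while the password never crosses the wire.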


