However, POP3 is designed for small and secure networks. From its design one sees that it's not intended to be used over insecure networks. The user's password is transmitted in plaintext. Thus the entire password can be sniffed at any point between client and server.
Needless to say, this sucks.
This can be "fixed" by tunneling the POP3 stream through an encrypted connection and only using a small and safe network connection for the unencrypted stream.
The tunnel is created by ssh (lsh isn't
ready yet). It will connect one port on the local host to a port on a
remote host. Thus if you connect to the port at the local host you'll
be connected through the encrypted tunnel to the port on the remote
machine. You will need an account and ssh on both
machines.
The command for creating such a tunnel is:
ssh -f -L 2345:remote:110 remote sleep 20 </dev/null >/dev/null
This will connect port 2345 on the local host with port 110 (POP3) on the remote machine. It requires an account on the remote machine.
If you're using a high-level mail reader (Mutt, Pine, Netscape), all you need to do after creating the tunnel is to reconfigure it to connect to the local port.
When using Linux you will normally use fetchmail to fetch
the mail from the POP server and process it locally. Fetchmail is
already prepared to use an encrypted tunnel.
The following .fetchmailrc will establish an encrypted
tunnel and then use this tunnel to fetch the mail.
poll mail via localhost port 2345 with proto pop3:
user foo
pass bar
mda "/usr/bin/procmail -d $USER"
preconnect "ssh -f -L 2345:remote:110 remote sleep 20 </dev/null >/dev/null";
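
A check that every poll entry in a .fetchmailrc really goes through such a tunnel (an added example, not part of the original page or of fetchmail): it flags entries that contact the server directly or whose poll port does not match the -L local port. The sample input is constructed, "pop.example.org" is a made-up host, and the parser assumes via and port sit on the poll line as above.

```python
import re

# Constructed sample: the page's .fetchmailrc plus one untunneled entry
# ("pop.example.org" is a made-up host).
SAMPLE_RC = '''\
poll mail via localhost port 2345 with proto pop3:
user foo
pass bar
mda "/usr/bin/procmail -d $USER"
preconnect "ssh -f -L 2345:remote:110 remote sleep 20 </dev/null >/dev/null";
poll pop.example.org with proto pop3:
user foo
pass bar
'''

LOOPBACK = {"localhost", "127.0.0.1", "::1"}
# -L [bind_address:]local_port:host:host_port (bracketed IPv6 hosts not handled)
FORWARD = re.compile(r"-L\s*(?:[\w.*-]+:)?(\d+):[^\s:]+:(\d+)")


def audit(rc_text):
    """Return {poll name: [findings]}; an empty list means the entry is tunneled."""
    results = {}
    # One entry per 'poll' keyword at the start of a line.
    for entry in re.split(r"(?m)^(?=poll\s)", rc_text):
        name = re.match(r"poll\s+(\S+)", entry)
        if not name:
            continue
        # Assumption: 'via' and 'port' sit on the poll line, as on the page.
        head = entry.split("\n", 1)[0]
        via = re.search(r"\bvia\s+(\S+)", head)
        port = re.search(r"\bport\s+(\d+)", head)
        pre = re.search(r'\bpreconnect\s+"([^"]*)"', entry)
        findings = []
        if not via or via.group(1) not in LOOPBACK:
            findings.append("connects to the server directly, not via localhost")
        if not pre or not pre.group(1).lstrip().startswith("ssh "):
            findings.append("no ssh preconnect tunnel")
        elif not port:
            findings.append("no port given, so the tunnel's local port is not used")
        elif port.group(1) not in [lp for lp, _ in FORWARD.findall(pre.group(1))]:
            findings.append("poll port does not match any -L local port")
        results[name.group(1)] = findings
    return results


if __name__ == "__main__":
    for server, findings in audit(SAMPLE_RC).items():
        print(server, "->", findings or "tunneled")
```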