Hi...

I've been trying to get POP3S working on my RH7.2 box, and I can get to work, but not without it popping up a window re: the cert not being trusted, etc... And w/ Eudora, it won't work at all with the certificate, even if I add it to my trusted certs...

So, my question is: How big of a security hole is it if I just run POP3??? All users who will be getting mail, and therefore sending clear-text passwords, will be users with pretty much no access other than mail (i.e. /bin/false)... Is it possible that someone with just a mail user's ID and PW could escalate that ID beyond it's current low-access settings??? Or someone who sniffed that ID/PW as it was sent???

Thanks Much...