[Spambayes] Password visible in SB Proxy V 1.1b2

[Dale Schroeder]

On 05/09/2011 7:59 AM, Peter Liepmann wrote:
> Probably I'm just being stupid.   The .ini file doesn't have the POP3 
> email password in clear?  That's just for the web interface?
That is correct.
> How/where would I enter the email password in the pop3proxy?  Is that 
> in email client (Thunderbird)- but that looks at localhost, and sends 
> a password there.
I also use Thunderbird, and that is exactly where the email password is 
stored.
> More stupidity- does that simply get passed on to the email POP3 server?
Yes.  I use one linux Spambayes server for our entire domain, and no 
user's password is stored in Spambayes.  They remain with the email client.
> Sorry for making a false alarm, if that's what I did.
Enjoy your Spambayes.  I've found it to be an excellent bit of software.

Dale

>
> On 5/9/2011 8:50 AM, Dale Schroeder wrote:
>> On 05/09/2011 4:39 AM, skip at pobox.com wrote:
>>>      Peter>  Can I just replace my current spambayes files/reinstall 
>>> with the
>>>      Peter>  1.1a6 files?  Does 1.1a6 hide the email password better?
>>>
>>> That's the rub.  Nothing related to the user interface has changed 
>>> in a long
>>> while.  I'd be surprised if any older version behaved differently.
>>>
>>> I'm not the author of the POP3 proxy application, so it will 
>>> probably take
>>> me awhile to figure out where it's even generating the password entry.
>>>
>>> Skip
>>>
>> Looking at the Advanced Configuration page in 1.1b1, the only 
>> password I can see is for access to the web UI.
>> This password does not have to be (and should not be) identical to 
>> the user's email password.
>>
>> Skip is correct when he says this has not changed recently.  At the 
>> very least, it has been this way since 1.04, circa 2005.
>>
>> Dale
> .
>