mpop and starttls security
A recent security analysis of STARTTLS revealed
many problems of STARTTLS (as opposed to immediate TLS) in mail clients and servers.
The researchers published their fake mail server
software that can be used for testing client software such as mpop.
I used this software to test mpop and found no problems related to STARTTLS, but I would be grateful if someone
could double check this in case I missed something. Please let me know your results,
I will update this news item accordingly!
I did however find a potential null-pointer dereference if the server does not support the UIDL command.
This is now fixed in the git repository.