With immediate effect we are disabling the POP-Lock form of authentication on all shared and reseller servers where it was enabled. This option was not available on every server, however. POP-Lock authenticates your account with the server when you first download mail (POP); you can then send mail for 20 minutes without authenticating again. Because many people have their mail client set to check for mail whenever it is open, it is possible some of you do not have "My Server Requires Authentication" set in your mailbox properties. We have always told people to set this - in tickets, in the forum, and even in the Activation email - but some will not have it set, so please do check this and set it.
POP-Lock was causing two major problems. The first is that Outlook 2007 users could get the message "None of the authentication methods supported by this client are supported by your server". The second is that, in some cases, this type of authentication actually stripped SMTP authentication altogether. That is a huge security hole and we were lucky it wasn't exploited.
If you have a Linux dedicated server or Linux VPS, we advise you to do the same by going to Server > Mail and unchecking "POP3 lock time" as a precautionary measure.
Open thread: Server and Policy Issues - Nexology Community