I've been notified by the administrator of a server that someone, after hacking his server, has installed SniffIt and pointed it to one of mine servers, and he sniffed a lot of email usernames and passwords.:angry:
Telnet access is disabled and email users cannot login with ssh, can someone tell me if I have to worry? There's a way to prevent sniffing on port 110 (POP3)?
Thanks!
Ricky

You can use SSL to connect to email, just as you can for web sites. Also, you might want to look into secure FTP, as FTP is just as poor as telnet in the manner it transfers clear text passwords. Most email programs support the option to use SSL to transfer email. Most FTP client's do not though, but there are some out there. Also, even if you have telnet and SSH disabled, if you allow people to FTP files, they can upload scripts that can execute any shell commands, and still root your server, so have the server checked out anyway, change your passwords (of course) and see about implementing SSL on POP and FTP.

use imap over ssl / ttsv3
it's encrypted. fast. and beats the pants off of pop3!