SECURITY INFO:

Xlassie processes mail server passwords, which means that there are
security implication to its use.

You need to avoid having passwords present in ways other users can
observe.  One way to avoid this is to invoke it as

 ssh-askpass "POP Password" | xlassie -password ask ...

The script
 /usr/share/doc/xlassie/examples/xlassie-auto
shows another reasonably secure yet convenient way to invoke xlassie,
assuming you trust your file system's security.

With either of these, you remain vulnerable to someone touching your
console for a second to run a program that pokes through xlassie's
memory image, grovels out the password, and sends it to the evildoer.

Aside from this, POP-3 is not a secure protocol, so network sniffing
can reveal the clear text password.  To defeat this, at boot time I
set up an stunnel connection between localhost and the POP-3 server.
Then xlassie can connect to localhost instead of the real mail server.



USAGE HINTS

You might need to use the -nokde option when under wmaker.  It seems
to pick up hints for both.  At least, this is what I do.