-----Original Message-----
From: Mixter <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Tuesday, November 30, 1999 10:23 AM
Subject: serious Qpopper 3.0 vulnerability
>PS: The installation file suggests to run qpopper without tcpd, e.g.:
>pop3 stream tcp nowait root /usr/local/lib/qpopper qpopper -s
>I would NOT suggest doing it that way. Use:
>pop3 stream tcp nowait root /usr/sbin/tcpd qpopper -s
>instead. At least for me it works behind a tcp wrapper, and that way,
>you can use access control and every connection _attempt_ gets logged.
Does anyone know why qpopper suggests running without wrappers? Does it
lose some functionality that way, or is it deadwood from a previous
incompatibility between tcpd and qpopper? It seems pretty significant to
suggest not using wrappers, and I would expect a significant reason for
that, but I don't recall seeing anything about it in the docs.
Josh Higham
