I currently have logging turned on, as it is nice to have logging going when someone calls with an issue and you can check the history.
One thing I noticed, is the POP3 logging includes whatever password the client sent in (apop or plain text or whatever). Since I can't force the clients to use POP3, is there a way to not log the password? This seems like a serious sercurity issue to have a file on your hard drive with plain-text passwords. On this topic, I joined the Xmail-WAI mail-list, but haven't gotten any receipts or replies on that mail list yet. I'm sure some of you are using this... Xmail and Xmail-WAI are now working fairly well for me, but I'm very concerned about having my Xmail and Xmail-WAI admin passwords in plain-text in the config.xml file. Xmail-WAI also displays the user's password in plain-text when they are logged in. This seems very in-secure to me. Also, in Win2K, what directory permissions do you use for the xmwconfig and xmadmin directorys? I had Administrator/System full, but I had to enable Full for Everyone to get MailProc and other functions working in Xmail-Wai. Any tips would be appreciated. For now, I'm only going to use Xmail-WAI for on-machine administration and I've blocked all http traffic to the box. Anyone else have thoughts on these security issues? ... Jason Badry - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
