I'll admit it, I'm the person Lindsay's referring to when he talks about going into "red-alert" mode when CGI and setuid-root occur in the same sentence.
I thought I'd go ahead and post a followup to his message to try to clarify things a bit.
From what I've seen on the web, and what has been echoed in my conversations with Lindsay, the Courier MTA does not seem to have a history of serious security problems or exploits. This is a good thing. It means that Courier doesn't have serious architectural weaknesses and the developers are following good security coding practices.
I also know that, even with the best intentions, security flaws will happen and exploits will occur... eventually. That it's not a question of "if" you get hacked, but "when".
Given that, what I'm really interested in discussing is what sort of "best-practices" or extra security measures would be considered appropriate when deploying sqwebmail... especially if you're deploying it on something that's not a dedicated web server.
-Randy
_______________________________________________
courier-users mailing list [EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
