On Wed, Nov 05, 2003 at 08:04:02PM +0100, Chris Carter wrote:
> Hi,
>
> I would like to ask some questions which I have not been able to find
> answers for. I admit I have not installed DBMail but I did see the site
> and the README files in the source code.
>
> 1. What are the differences between 1.x versions and the new 2.0 alpha1?
The database code has been reorganized to separate MySQL and
PostgreSQL-specific code from common database access code.
LDAP authentication was added
(from cvs commit messages)
* extra database table physmessage ("physical message", as opposed
to the normal messages table which now becomes a sort of virtual
message table. The new table does not hold to much, only
messagesize, rfcsize and internal_date. Nice thing is that records
in messages now hold a reference to a physmessage record, and
messageblks-records also hold such a reference. This way, more
messages-records can use the same messageblks. This speeds up
operations like copying, because the message blocks themselves do
not have to be copied.
* users table now holds the field "curmail_size" which holds the
current mail size of the user. When a user's current mailsize is
checked, this value is used. The value is updated after every
operation that changes the users mailbox-size
Ilja, anything else significant?
> 2. I finally twigged that DBMail does not have an MTA of its own but
> uses external programs (eg: Postfix). True?
Right. Most people seem to use postfix, but some use exim and maybe even a few
use sendmail (?).
> 3. How does DBMail's IMAP support compare to other packages? Does
> M$Lookout work? Can I use Ximian Evolution? Or Kmail? I presume that POP
> works just fine (but I am interested in IMAP).
I've only tested IMAP with mutt and mozilla.
> 5. Where does one configure the TCP ports (is it in the database?).
There's a config file, dbmail.conf.
> 6. Is there any documentation?
Not too much yet.
> 7. Has anyone experienced something really awful with DBMail? (be honest
> now :)
I haven't used it in production yet.
> 8. Is it secure to attacks? DoS, etc.?
A few security problems have been found. I think there was a SQL
injection (or was it a buffer overflow?) vulnerability fixed in the
login code a few months ago. Someone mentioned that there are probably
other similar vulnerabilities elsewhere in the code. I don't think
they've been addressed yet (Please correct me if I'm wrong). I'm sure
dbmail would benefit from a security audit.
Patches have recently been written to start dbmail-imapd and
dbmail-pop3d from (x)inetd and using an apache style preforking scheme
which should help against some DoS attacks.
xn
