> So what do you do when the next IMail exploit pops up such as that > LDAP exploit and you have no way to fix the bug? Can a serious > business even take the risk of this happening?
There's no evidence to suggest that security-related patches will not be made available for old versions, as evidenced repeatedly in the pattern of moves from 5-6, 6-7, and 7-8. The particular exploit you mentioned is in a component of IMail that is now open-source, and so by definition can always be patched. Furthermore, using IMail simply as a wrapper for Declude gives you only one possible attack vector (SMTPD) in a module which essentially hasn't changed in several years (SMTPD retains its old, non-multithreaded code, despite QUEUEMGR's improvements on the delivery side). Such patterns may change, but telling our IMail clients that we're choosing them a new product _now_ would be an admittance of a sheer lack of control. I'd prefer that the development of, for example, a new Declude MTA or preferred MTA integration not be paced by user panic. --Sandy ------------------------------------ Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] ------------------------------------ --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
