----- Original Message ----- 
From: "Serge Knystautas" <[EMAIL PROTECTED]>
To: "Java Apache Mail Server" <[EMAIL PROTECTED]>
Sent: Thursday, October 19, 2000 8:03 AM
Subject: Slight security hole


> Is there any way to configure Avalon (at least the branch we're using) so
> that it doesn't expose to all IP addresses the "die!" command?  Before I
> realized this just now, someone could telnet into port 4554 on my mail
> server machine, type die!, and the server dies.  Fortunately I was on an OS
> where I could restrict something like this, but this is a huge hole.

I completely agree.  The purpose of that "functionality" is to provide a hook
to do administration.  Unfortunately, it has been left in.  I am going to post
this message to the Avalon group and make sure that it can be done.  If not
in this version, then in the new 3.0 alpha release.

> Unless there's a way to configure this, I'd like to patch the Avalon branch
> we're on to only process connections that are from the local machine... I
> just don't think we can allow the 1.2 release to go out like this.  Any
> strong comments against?

Please do so. +1000



------------------------------------------------------------
To subscribe:        [EMAIL PROTECTED]
To unsubscribe:      [EMAIL PROTECTED]
Archives:  <http://www.mail-archive.com/james%40list.working-dogs.com/>
Problems?:           [EMAIL PROTECTED]
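
The restriction proposed in the thread (only process admin connections that come from the local machine), sketched as an added example; this is not code from Avalon or James. The class name and the handling of "die!" are hypothetical; port 4554 and the command string are taken from the message above.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.nio.charset.StandardCharsets;

// Hypothetical stand-in for the admin hook; not Avalon or James code.
public class LocalOnlyAdminListener {
    static final int ADMIN_PORT = 4554; // port named in the thread

    // Second check: accept only peers whose source address is loopback.
    static boolean isLocalPeer(InetAddress peer) {
        return peer != null && peer.isLoopbackAddress();
    }

    public static void main(String[] args) throws IOException {
        // First check: bind to loopback rather than the wildcard address,
        // so the port is not reachable from other hosts at all.
        try (ServerSocket server =
                 new ServerSocket(ADMIN_PORT, 1, InetAddress.getLoopbackAddress())) {
            while (true) {
                try (Socket client = server.accept()) {
                    if (!isLocalPeer(client.getInetAddress())) {
                        continue; // try-with-resources closes the socket
                    }
                    client.setSoTimeout(5000); // do not block forever on a silent peer
                    BufferedReader in = new BufferedReader(new InputStreamReader(
                            client.getInputStream(), StandardCharsets.US_ASCII));
                    String line = in.readLine();
                    if ("die!".equals(line)) {
                        System.out.println("shutdown requested from "
                                + client.getInetAddress());
                        return; // closes both sockets on the way out
                    }
                } catch (IOException e) {
                    // Covers read timeouts and resets; keep listening.
                    System.err.println("admin connection error: " + e.getMessage());
                }
            }
        }
    }
}
```

Binding to loopback keeps remote hosts off the port, but any local account on the machine can still send the command, since nothing here authenticates the caller.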
