Jamie Heilman wrote:
> We got your first message just fine, no need to keep sending it over and
> over again.
I only sent it once. Did you get two?
> To setup an SSL wrapper around UW's IMAP server I suggest you go to
> stunnel.org and read the documentation.
>
> It is, ofcourse, probably worth mentioning that any security you gain from
> using SSL connections you're going to circumvent by using something as
> poorly written as UW's IMAP server. There's every indication that that
> the programers at UW just don't give a damn about security. I suggest you
> look into courier-imap instead, provided that it's Maildir-only nature
> doesn't interfere with your plans.
Is this still the case? I don't know of any known vulnerabilities with
the latest release of UW IMAP, but I'd sure like to hear about them if
there are some.
The README acknowledges that there have been problems in the past but
that these have been corrected and that they changed the process by
which they developed the software to prevent glaring holes from
appearing in future...
I know many of you hate UW IMAP, but Courier doesn't support
/var/spool/mail =)
I tried to compile the SSL version of UW IMAP, but it's not working...
is the stunnel wrapper easier to set up?
-Stephen-
