Stephen Bosch wrote:
> I only sent it once. Did you get two?
yup, take a look at
http://www.ornl.gov/its/archives/mailing-lists/qmail/2000/09/threads.html
(try doing a case sensitive search for OT)
its there twice
> Is this still the case? I don't know of any known vulnerabilities with
> the latest release of UW IMAP, but I'd sure like to hear about them if
> there are some.
I don't know of any currently, but then I don't know of any current
sendmail holes either and I'm not running that for the same reasons. For
me its simply an issue of "how many times am I going to let this bite me in
the ass before I do something to put and end to it for good." You know
what they say about prevention being the best medicine.
> The README acknowledges that there have been problems in the past but
> that these have been corrected and that they changed the process by
> which they developed the software to prevent glaring holes from
> appearing in future...
Well, thats great, now if they'd just agree with what the rest of the world
considers a glaring hole.
(enter the land of annoying frames)
http://www.securityfocus.com/templates/archive.pike?tid=55881&threads=1&end=2000-04-19&start=2000-04-13&fromthread=0&list=1&&_ref=1113491655
> I know many of you hate UW IMAP, but Courier doesn't support
> /var/spool/mail =)
yeah, if thats a requirement then courier isn't an option
> I tried to compile the SSL version of UW IMAP, but it's not working...
> is the stunnel wrapper easier to set up?
Its not very hard, I couldn't judge if its any easier than a native ssl
enabled imapd seeing as I haven't built one myself, but the instructions
are decent as long as you grok the usual certificate handling issues.
--
Jamie Heilman http://audible.transient.net/~jamie/
"Paranoia is a disease unto itself, and may I add, the person standing
next to you may not be who they appear to be, so take precaution."
-Sathington Willoughby
