Re: popa3d removed from base - what do people recommend?
On Mon, Jan 06, 2014 at 01:10:09PM -0500, John Smith wrote: I think pop3 is dead but recently there was a mail in tech@ stating Sunil Nimmagadda develops pop3 daemon closed to OpenBSD standards. That's a good point. I don't like leaving mails on the server for more than a day or so, but I don't see why I can't emulate this behavior on IMAP. I had originally chosen POP3 because OpenBSD came with it batteries-included. There's still some research I need to do on my own, but it does look like dovecot fits the OpenBSD mentality of security first in development. dovecot has more vulns. than other open source imap implementations all together. Dovecot: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=dovecot (31) Cyrus IMAP https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=Cyrus-imap (3) etc..
Re: popa3d removed from base - what do people recommend?
previously on this list Артур Истомин contributed: I think pop3 is dead but recently there was a mail in tech@ stating Sunil Nimmagadda develops pop3 daemon closed to OpenBSD standards. That's a good point. I don't like leaving mails on the server for more than a day or so, but I don't see why I can't emulate this behavior on IMAP. I had originally chosen POP3 because OpenBSD came with it batteries-included. There's still some research I need to do on my own, but it does look like dovecot fits the OpenBSD mentality of security first in development. dovecot has more vulns. than other open source imap implementations all together. Dovecot: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=dovecot (31) Cyrus IMAP https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=Cyrus-imap (3) etc.. I don't think that paints an accurate picture in this case. You will see more for cyrus listed on osvdb.org than mitre many of which from a quick look are more worrying than dovecots. I believe Dovecot is used by more people and so is more likely to have bugs found and still offers a $1000 for any root exploit. Perhaps you know both better than me as I know Dovecot quite well but not Cyrus but from a quick look at the documentation and website. Cyrus seems to have far less pro-active security features that some of the vulnerabilities simply bypass. Good to know it has competition though, I've only ever looked at Cyrus-sasl. -- ___ 'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy) In Other Words - Don't design like polkit or systemd ___
Re: popa3d removed from base - what do people recommend?
I think pop3 is dead but recently there was a mail in tech@ stating Sunil Nimmagadda develops pop3 daemon closed to OpenBSD standards. That's a good point. I don't like leaving mails on the server for more than a day or so, but I don't see why I can't emulate this behavior on IMAP. I had originally chosen POP3 because OpenBSD came with it batteries-included. There's still some research I need to do on my own, but it does look like dovecot fits the OpenBSD mentality of security first in development. Thanks everyone!
Re: popa3d removed from base - what do people recommend?
On 2014-01-05, John Smith jpmar...@outlook.com wrote: What would people recommend for a simple replacement for SSL pop3? I feel like the general consensus will be switch to popa3d in ports, popa3d is not currently in ports.
Re: popa3d removed from base - what do people recommend?
On 2014-01-04 Sat 21:04 PM |, John Smith wrote: What would people recommend for a simple replacement for SSL pop3? I use dovecot for IMAP only (no POP). It can do SSL authenticate against the /etc password arrangement. Cheers, -- Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7
Re: popa3d removed from base - what do people recommend?
On Sat, Jan 04, 2014 at 09:04:27PM -0500, John Smith wrote: I'm a fan of simple setups and try to stick with the base programs if possible. I've been using an SSL relayd wrapper around popa3d for a simple and base-supported mail setup with opensmtpd. What would people recommend for a simple replacement for SSL pop3? I feel like the general consensus will be switch to popa3d in ports, but I'll take this as an opportunity to migrate to something better if there's a good alternative. Thanks in advance! I think pop3 is dead but recently there was a mail in tech@ stating Sunil Nimmagadda develops pop3 daemon closed to OpenBSD standards. http://marc.info/?l=openbsd-techm=137227187806151w=2 http://marc.info/?l=openbsd-techm=137348456028504w=2 jirib
Re: popa3d removed from base - what do people recommend?
dovecot is pretty much the only sane option for pop3 and imap servers these days. On 2014 Jan 04 (Sat) at 21:04:27 -0500 (-0500), John Smith wrote: :I'm a fan of simple setups and try to stick with the base programs if :possible. I've been using an SSL relayd wrapper around popa3d for a simple and :base-supported mail setup with opensmtpd. : :What would people recommend for a simple replacement for SSL pop3? I feel like :the general consensus will be switch to popa3d in ports, but I'll take this :as an opportunity to migrate to something better if there's a good :alternative. : :Thanks in advance! : -- I have made this letter longer than usual because I lack the time to make it shorter. -- Blaise Pascal
Re: popa3d removed from base - what do people recommend?
On Sun, Jan 05, 2014 at 05:24:35PM +0100, Peter Hessler wrote: dovecot is pretty much the only sane option for pop3 and imap servers these days. On 2014 Jan 04 (Sat) at 21:04:27 -0500 (-0500), John Smith wrote: :I'm a fan of simple setups and try to stick with the base programs if :possible. I've been using an SSL relayd wrapper around popa3d for a simple and :base-supported mail setup with opensmtpd. : :What would people recommend for a simple replacement for SSL pop3? I feel like :the general consensus will be switch to popa3d in ports, but I'll take this :as an opportunity to migrate to something better if there's a good :alternative. : :Thanks in advance! : I don't think so. See: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=dovecot (31 CVE) vs. https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=courier-imap (3 CVE)
popa3d removed from base - what do people recommend?
I'm a fan of simple setups and try to stick with the base programs if possible. I've been using an SSL relayd wrapper around popa3d for a simple and base-supported mail setup with opensmtpd. What would people recommend for a simple replacement for SSL pop3? I feel like the general consensus will be switch to popa3d in ports, but I'll take this as an opportunity to migrate to something better if there's a good alternative. Thanks in advance!
