Rod K wrote:
X-Istence wrote:
Hash: SHA1

Jean Wainer wrote:

There's a "vpopmail" plugin for squirrelmail. The only catch is that
you have to run apache as "vpopmail" user.

Thus giving anyone that has web access or is allowed to run PHP scripts
on your server the allowance to play with vpopmail as much as they want.
If this is just a webmail based server i do think it is okay, but if i
were you i would still be worried.

I agree.  Even though our server running squirrel is ONLY running squirrel and no other sites, and no users but our staff have access, we chose NOT to run Apache as vpopmail.  Instead the PHP scripts write data to a file and a cron job running as vpopmail on a 5 minute cycle does sanity checks and processes the request.
Care to share?

Reply via email to