On 19-Feb-2001 [EMAIL PROTECTED] wrote:
> qmail's author gives some guarantees about security; sendmail is known as badly
> secured, but the main Linux distributions don't forgive it (same for bind)...
> Was your code audited specifically for security? ( carefully checked, I mean )
SecurityFocus has reviewed XMail, finding a buffer overflow attack point in 0.58,
that was fixed two hours later by issuing 0.59.
The current version ( fixed in 0.68 ) has a possible buffer overflow in the CTRL
server, but before attacking the buffer, you have to be logged in :)
The new version has byte range checking for commands that blocks ( by dropping
the connection ) hacker attacks if the sent bytes are out of the RFC char range.
>> About help, yes, I like to have the tools section of XMail filled with useful
>> tools ( configurators, installers, external modules, ... ); that is what makes
>> a mail server more usable.
>
> I think I'll give XMail a try, so if I find some external tools are
> needed, I will develop them.
> Do you have any orientation about languages to use or not to use? ( I'm thinking
> about Perl/C/C++ with portability in mind )
> Since XMail runs on NT/Unix, using VB restricts tools to NT; perhaps a warning
> about this should appear somewhere.
Use the language you feel more comfortable with, it's up to you.
Maybe C/C++ ( if written in a portable way ), Perl and Tcl are pretty portable
with recompilation ( C, C++ ) or with the installation of interpreters ( Perl
and Tcl are available for both Unix and Win32 ).
- Davide
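
The byte range check on commands mentioned in the reply above, as an added sketch that is not XMail's code and not part of the original message. It assumes the allowed range is TAB plus printable US-ASCII, a 512-byte CRLF-terminated command line, and the hypothetical names `check_command` and `MAX_LINE`.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumption: 512-byte command line including CRLF, so 510 content bytes. */
#define MAX_LINE 510

enum cmd_verdict { CMD_OK, CMD_INCOMPLETE, CMD_DROP };

/* Hypothetical helper (not XMail's API): inspect the n bytes read so far.
 * CMD_OK         full CRLF-terminated line, *line_len = length without CRLF
 * CMD_INCOMPLETE no terminator yet, keep reading
 * CMD_DROP       out-of-range byte, bare CR or oversized line: close the socket */
enum cmd_verdict check_command(const unsigned char *buf, size_t n, size_t *line_len)
{
    for (size_t i = 0; i < n; i++) {
        unsigned char c = buf[i];
        if (c == '\r') {
            if (i + 1 == n)
                return CMD_INCOMPLETE;      /* LF not received yet */
            if (buf[i + 1] != '\n')
                return CMD_DROP;            /* bare CR */
            *line_len = i;
            return CMD_OK;
        }
        if (i >= MAX_LINE)
            return CMD_DROP;                /* too long before any CRLF */
        /* Assumed allowed range: TAB and printable US-ASCII (0x20..0x7E). */
        if (c != '\t' && (c < 0x20 || c > 0x7E))
            return CMD_DROP;
    }
    return CMD_INCOMPLETE;
}

int main(void)
{
    /* Constructed sample inputs, not captured traffic. */
    unsigned char big[600];
    size_t len = 0;
    memset(big, 'A', sizeof big);
    printf("%d\n", check_command((const unsigned char *)"USER admin\r\n", 12, &len));
    printf("%d\n", check_command((const unsigned char *)"USER \x90\x90\r\n", 9, &len));
    printf("%d\n", check_command(big, sizeof big, &len));
    return 0;
}
```

The check runs on the raw bytes before any copy into a fixed-size command buffer, so an oversized or binary line is rejected without being parsed.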