Meaning there are no exploits for Cyrus that I know of. I would suggest only using imaps (which is supported by cyrus, you just need to create a n X.509 certificate if you don't have one), as like all cleartext protocols (POP, telnet, etc) imap is inherently insecure. If you want to use cleartext you can use the sasldb feature, that way your login name and/or password for Cyrus don't have to be the same as your system login name/password. If someone is sniffing you, then they will be able to read your mail but they won't have a login on your box. Still, creating a certificate and using imaps is better. Mantra for today: encryption is good ;-) Cyrus also has a pretty manageable CLI Stefan Mike Garabedian wrote:
How secure do you mean when you say secure?
"Stefan Suurmeijer (prive)" wrote:
Suse also comes with Cyrus IMAP, which is a lot nicer IMHO, and pretty secure. You need to get a patch for it from the update site, because of some error made in the configuration, but AFAIK there hasn't been any bug in it for at least nine months. I haven't used UW imap for a while, so I can't compare the two security wise
HTH
Stefan
Evert Smit wrote:
It's got it's exploit and is generally considered insecure, there is an imap4 version around i believe which should close down the holes and give ye a secure service.
regards Evert
Hi all
I'd like to use the Washington IMAP server (Version: 2000c - 110) instead of POP3 on SuSE 7.3 but in the conf file following comment is given:
# Imapd - Interactive Mail Access Protocol server # Attention: this service is very insecure
my question is, should I use IMAP or rather wait for a patch?
thanx Georg
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
------------------------------------ Apprearance deceives, nature doesn't ------------------------------------
-- ================================================================ Stefan Suurmeijer University of Groningen, Rekencentrum P.O. Box 800 NL-9700 AV Groningen, The Netherlands tel: (+31) 50 363 8258 - fax: (+31) 50 363 3406 E-mail: S.M.Suurmeijer@rc.rug.nl E-mail: stefan@symbolica.nl (private) ================================================================
PGP fingerprint: 183A F476 6E97 611C 061B 4425 5698 917B 2145 AA25
Quies custodiet ipsos custodes? (Who'll watch the watchmen?)
#define question ((bb) || (!bb)) - William Shakespeare
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
-- ================================================================ Stefan Suurmeijer University of Groningen, Rekencentrum P.O. Box 800 NL-9700 AV Groningen, The Netherlands tel: (+31) 50 363 8258 - fax: (+31) 50 363 3406 E-mail: S.M.Suurmeijer@rc.rug.nl E-mail: stefan@symbolica.nl (private) ================================================================ PGP fingerprint: 183A F476 6E97 611C 061B 4425 5698 917B 2145 AA25 Quies custodiet ipsos custodes? (Who'll watch the watchmen?) #define question ((bb) || (!bb)) - William Shakespeare