Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
Re: [suse-security] is washington imap secure
  • From: "Stefan Suurmeijer (prive)" <stefan@xxxxxxxxxxxx>
  • Date: Mon, 28 Jan 2002 17:45:34 +0100
  • Message-id: <3C55802E.9060404@xxxxxxxxxxxx>
Meaning there are no exploits for Cyrus that I know of. I would suggest only using imaps (which is supported by cyrus, you just need to create a n X.509 certificate if you don't have one), as like all cleartext protocols (POP, telnet, etc) imap is inherently insecure. If you want to use cleartext you can use the sasldb feature, that way your login name and/or password for Cyrus don't have to be the same as your system login name/password. If someone is sniffing you, then they will be able to read your mail but they won't have a login on your box. Still, creating a certificate and using imaps is better. Mantra for today: encryption is good ;-)
Cyrus also has a pretty manageable CLI

Stefan


Mike Garabedian wrote:

How secure do you mean when you say secure?

"Stefan Suurmeijer (prive)" wrote:

Suse also comes with Cyrus IMAP, which is a lot nicer IMHO, and pretty
secure. You need to get a patch for it from the update site, because of
some error made in the configuration, but AFAIK there hasn't been any
bug in it for at least nine months. I haven't used UW imap for a while,
so I can't compare the two security wise

HTH

Stefan

Evert Smit wrote:

It's got it's exploit and is generally considered insecure, there is an
imap4 version around i believe which should close down the holes and give
ye a secure service.

regards
Evert

Hi all

I'd like to use the Washington IMAP server (Version: 2000c - 110)
instead of POP3 on SuSE 7.3 but in the conf file following comment is
given:

# Imapd - Interactive Mail Access Protocol server
# Attention: this service is very insecure

my question is, should I use IMAP or rather wait for a patch?

thanx
Georg


--
To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
For additional commands, e-mail: suse-security-help@xxxxxxxx


------------------------------------
Apprearance deceives, nature doesn't
------------------------------------


--
================================================================
Stefan Suurmeijer
University of Groningen, Rekencentrum
P.O. Box 800
NL-9700 AV Groningen, The Netherlands
tel: (+31) 50 363 8258 - fax: (+31) 50 363 3406
E-mail: S.M.Suurmeijer@xxxxxxxxx
E-mail: stefan@xxxxxxxxxxxx (private)
================================================================

PGP fingerprint: 183A F476 6E97 611C 061B 4425 5698 917B 2145 AA25

Quies custodiet ipsos custodes? (Who'll watch the watchmen?)

#define question ((bb) || (!bb)) - William Shakespeare

--
To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
For additional commands, e-mail: suse-security-help@xxxxxxxx



--
================================================================
Stefan Suurmeijer
University of Groningen, Rekencentrum
P.O. Box 800
NL-9700 AV Groningen, The Netherlands
tel: (+31) 50 363 8258 - fax: (+31) 50 363 3406
E-mail: S.M.Suurmeijer@xxxxxxxxx
E-mail: stefan@xxxxxxxxxxxx (private)
================================================================

PGP fingerprint: 183A F476 6E97 611C 061B 4425 5698 917B 2145 AA25

Quies custodiet ipsos custodes? (Who'll watch the watchmen?)

#define question ((bb) || (!bb)) - William Shakespeare




< Previous Next >