Patrick: The standard IMAPD is unsecure in a lot of ways. For one thing, you'll want to use a more secure authentication method, which doesn't put your user name and password on the net in plain text. Probably, you'll also want to use SSL or TLS to encrypt your imap connection. I use the Courier IMAPd, with Maildir support, with SSL protection configured. See: http://www.inter7.com/courierimap/. See also http://www.courier-mta.org/. Postfix, which SuSE supports directly, is easily configured to use Maildir instead of mbox. Qmail also supports Maildir directly. There is a lot of good information available from the qmail web site: http://qmail.valueclick.com/top.html#addons Chris Shaker ----- Original Message -----
From: "Patrick Mairif"
To: Sent: Thursday, February 14, 2002 5:11 AM Subject: [suse-security] imap Hello,
from /etc/inetd.conf: # Imapd - Interactive Mail Access Protocol server # Attention: This service is very insecure # imap stream tcp nowait root /usr/sbin/tcpd imapd
What does this mean? Why is it insecure? Is there a secure way to run an imap-server?
patrick!