From owner-freebsd-security@FreeBSD.ORG Mon Jun 16 11:25:12 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5FA1E37B401 for ; Mon, 16 Jun 2003 11:25:12 -0700 (PDT) Received: from storm.FreeBSD.org.uk (storm.FreeBSD.org.uk [194.242.157.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5CF4C43F75 for ; Mon, 16 Jun 2003 11:25:11 -0700 (PDT) (envelope-from mark@grondar.org) Received: from storm.FreeBSD.org.uk (Ugrondar@localhost [127.0.0.1]) by storm.FreeBSD.org.uk (8.12.9/8.12.9) with ESMTP id h5GIPA1f016232; Mon, 16 Jun 2003 19:25:10 +0100 (BST) (envelope-from mark@grondar.org) Received: (from Ugrondar@localhost)h5GIPAJY016231; Mon, 16 Jun 2003 19:25:10 +0100 (BST) X-Authentication-Warning: storm.FreeBSD.org.uk: Ugrondar set sender to mark@grondar.org using -f Received: from grondar.org (localhost [127.0.0.1])h5GILtHh090812; Mon, 16 Jun 2003 19:21:55 +0100 (BST) (envelope-from mark@grondar.org) Message-Id: <200306161821.h5GILtHh090812@grimreaper.grondar.org> To: Dave From: markm@freebsd.org In-Reply-To: Your message of "Mon, 16 Jun 2003 11:03:01 PDT." <20030616105955.U11598@metafocus.net> Date: Mon, 16 Jun 2003 19:21:55 +0100 Sender: mark@grondar.org X-Spam-Status: No, hits=-0.2 required=5.0 tests=IN_REP_TO,NO_REAL_NAME,QUOTED_EMAIL_TEXT version=2.55 X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp) cc: freebsd-security@freebsd.org Subject: Re: POP daemon X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Jun 2003 18:25:12 -0000 Dave writes: > What would be a good POP daemon to use? I know there are a few in the > mail ports. Are they any good? This question is impossible to answer. :-) "Hey! You have CD's! Are any of them any good?" "Of course they are! That's why I bought them??!" > What I mean by good is 'secure as possible' (is there really such thing as > being totally secure / invulnerable?) You need to help folks when asking very open questions like this. 1) What is your threat model? a) What are you trying to protect? b) How badly do your attackers want this? c) How much can you afford for resources to thwart this? 2) What research have you already done? a) You should have knowlege of a set of features and be asking about those. b) you should already know which are blatantly _not_ suitable and why. 3) Why does this question not belong in newbies@/questions@? The use of the word "secure" is not enough. Without pre-empting the above, you won't get useful answers. It's like asking "What car should I get?", without disclosing that you are a family man, and that a Ferrari is useless compared with an RV. M -- Mark Murray iumop ap!sdn w,I idlaH