From owner-freebsd-net Fri Aug 14 12:35:49 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id MAA27023 for freebsd-net-outgoing; Fri, 14 Aug 1998 12:35:49 -0700 (PDT) (envelope-from owner-freebsd-net@FreeBSD.ORG) Received: from spinner.netplex.com.au (spinner.netplex.com.au [202.12.86.3]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA26995 for ; Fri, 14 Aug 1998 12:35:42 -0700 (PDT) (envelope-from peter@netplex.com.au) Received: from spinner.netplex.com.au (localhost [127.0.0.1]) by spinner.netplex.com.au (8.8.8/8.8.8/Spinner) with ESMTP id DAA22339; Sat, 15 Aug 1998 03:32:50 +0800 (WST) (envelope-from peter@spinner.netplex.com.au) Message-Id: <199808141932.DAA22339@spinner.netplex.com.au> X-Mailer: exmh version 2.0.2 2/24/98 To: Philippe Regnauld cc: Toby Swanson , =?iso-8859-1?Q?Dag-Erling_Coidan_Sm=F8rgrav?= , freebsd-net@FreeBSD.ORG Subject: Re: Mail server... In-reply-to: Your message of "Thu, 13 Aug 1998 12:13:44 +0200." <19980813121344.16224@deepo.prosa.dk> Content-Transfer-Encoding: quoted-printable Date: Sat, 15 Aug 1998 03:32:45 +0800 From: Peter Wemm Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Philippe Regnauld wrote: > Toby Swanson writes: > > = > > On 06Aug98 Dag-Erling Coidan Sm=F8rgrav wrote: > > = > > > Don't *whack* use *whack* qpopper *whack* *whack* > > = > > Are there any particular reasons to not use qpopper? > = > "How do you want to be cracked today ?" > = > Qpopper had its moment of (non)glory last month, when a buffer > overflow was discovered in versions 2.4x -- it was fixed in 2.5 and up= =2E > = > The overflow gave you instant root access from anywhere. And there are still *many* problems remaining. It's a very shoddy progra= m = IMHO, and the "fixes" are merely bandaids while the real problems remain.= = It's string handling and termination really sucks. If *just one* spot wa= s = missed, the holes are still there to exploit all over again. > Cucipop may be a bit better, but why *whack* do you even *whack* > ASK *whack* *whack* ! :-) The cucipop code style scares the hell out of me, but it's bloody fast an= d dots all the i's and crosses all the t's etc - I'd be rather suprised if major holes were found. It has a few bugs that are a bitch to track down= (see previous gripe about code style), but nothing serious. It's mainly = a cosmetic glitch where it announces the per-message size a few bytes too large and fetchmail complains about that. It doesn't know about expired = passwords either. It's got some really devious features too.. :-) You can sabotage the UID= L command to strongly "encourage" your users to NOT keep mail on the server= forever, and do all sorts of things like auto-delete old (read) messages etc. (The UIDL sabotage means that if they select "leave on server", they'll get another "new" copy of each message each time they connect.) > -- = > -[ Philippe Regnauld / sysadmin / regnauld@deepo.prosa.dk / +55.4N +11= =2E3E ]- > = > The Internet is busy. Please try again later. > = > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message > = Cheers, -Peter To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message