From owner-freebsd-security Tue Jan 30 8: 1:33 2001 Delivered-To: freebsd-security@freebsd.org Received: from hotmail.com (lc4-lfd11.law5.hotmail.com [216.32.243.33]) by hub.freebsd.org (Postfix) with ESMTP id 6D1F537B503 for ; Tue, 30 Jan 2001 08:01:13 -0800 (PST) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Tue, 30 Jan 2001 08:01:13 -0800 Received: from 192.122.209.42 by www.hotmail.msn.com with HTTP; Tue, 30 Jan 2001 16:01:12 GMT X-Originating-IP: [192.122.209.42] From: "Edward W. M." To: freebsd-security@FreeBSD.ORG Subject: POP3 / IMAP security Date: Tue, 30 Jan 2001 08:01:12 -0800 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: X-OriginalArrivalTime: 30 Jan 2001 16:01:13.0137 (UTC) FILETIME=[DE76D210:01C08AD5] Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi everyone, I apologize in advance if you feel that I should have posted this to questions. I intend to run POP and IMAP services on a new machine, so I need easily deployable secure servers that can be installed from the ports. Cyrus is out of the question for me, I am running that on another box and I just need something more easily deployable for this one. All my users have shell access and log in via ssh, so the bugs in the UW imap server are not that relevant, but still, that is one bug-ridden piece of software and I think it's just a matter of time before another security related bug is discovered. The same goes for popper and as I do not have the time to do the research, I hope to hear from experienced admins out there who have done the research (tee hee :-)) and are willing to share their knowledge and experience. Once I install the pop / imap servers I will allow access to pop and imap from localhost only, allowing users to tunnel to pop / imap through ssh. That takes care of the major threat, but still, there are a few local users that pose a potential threat, so I need proven, secure and easily deployable solutions. Thank you, Edward W. M. _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message