From owner-freebsd-security  Tue Jul 21 14:30:53 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id OAA18786
          for freebsd-security-outgoing; Tue, 21 Jul 1998 14:30:53 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from lariat.lariat.org (ppp1000.lariat.org@[206.100.185.2])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id OAA18714
          for <security@FreeBSD.ORG>; Tue, 21 Jul 1998 14:30:33 -0700 (PDT)
          (envelope-from brett@lariat.org)
Received: (from brett@localhost)
	by lariat.lariat.org (8.8.8/8.8.8) id PAA17747;
	Tue, 21 Jul 1998 15:30:08 -0600 (MDT)
Message-Id: <199807212130.PAA17747@lariat.lariat.org>
X-Sender: brett@mail.lariat.org
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0.1 
Date: Tue, 21 Jul 1998 15:30:05 -0600
To: ben@efn.org
From: Brett Glass <brett@lariat.org>
Subject: Re: Why is there no info on the QPOPPER hack?
Cc: Jeremy Shaffner <jer@jorsm.com>, security@FreeBSD.ORG
In-Reply-To: <Pine.BSF.3.96.980721141904.12932A-100000@Tyr.office.EFN.or
 g>
References: <199807211928.NAA15499@lariat.lariat.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 02:22 PM 7/21/98 -0700, Ben wrote:

>Due to the large cpu usage, and the disk space needed on large production 
>machines for /var/pop when qpopper copies over the users mail spool, we went
>to using cucipop.  You might try this too, it uses about 30% less cpu, and
>doesn't have these exploits(yet? I haven't looked through it's code)
>
> -> ftp://ftp.informatik.rwth-aachen.de/pub/packages/cucipop/
>

I have written the developer asking if cucipop supports XTND XMIT. This
command
is necessary to allow users who log in from outside the LAN to send e-mail
through
the server, since we have disabled relaying to avoid spam.

I haven't gotten an answer.

>The only way to be truly secure is to stay on top of things.  Why wasn't
someone
>else filling in for you during your vacation?

There was one, and he would have called me if he'd seen a problem. But
people who 
know UNIX even at the level I know it (approximately journeyman level; I'm
certainly no expert sysadmin) are in short supply . He's an NT expert, and
would have called me for direction if he had to do anything nontrivial.

--Brett


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message