"Ian P. Christian" wrote:
Whatever you do, make sure it isn't facing the Internet, unless you are really hot on the security settings!

What steps would you people suggest are made to IMAP servers to secure them? Is the default Debian install of Courier *that* bad?

No idea on Debian and Courier - certainly IMAP got a bad security reputation early on - and I wouldn't trust a default install of anything without going over it carefully.

UWIMAP on Red Hat is run as root from inetd.conf and changes to become the relevant user, the default allows any user to read/write almost any file that user has access to, so my guess is any security issues at all will almost certainly be an immediate compromise of any accessible account, or a root level remote exploit.

In ISP IMAP environments the users don't have to exist at the OS level, and presumably don't need valid home directories, or shells, or UIDs, but life is too short for the rest of us, easier just not to expose imapd to the general Internet - use a VPN or similar to get at it from a remote location.

--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the
message body to unsubscribe.
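
As an added example (not part of the original message or of any distribution's tooling): a small shell audit for the "go over the default install" step, listing the IMAP/POP services an inetd.conf enables and marking the ones inetd starts as root. The function names, the service-name list and the sample file are assumptions constructed for illustration; the field layout is the standard inetd.conf one.

```shell
#!/bin/sh
# audit_inetd_mail FILE
# Lists enabled IMAP/POP entries in an inetd.conf-style file and marks the
# ones inetd starts as root. Standard inetd.conf field layout:
#   service  socket-type  protocol  wait-flag  user[.group]  server-path  args...
audit_inetd_mail() {
    awk '
        /^[ \t]*#/ || NF < 6 { next }             # skip comments, blank and short lines
        $1 ~ /^(imap|imap2|imap3|imaps|pop2|pop3|pop3s)$/ {
            split($5, who, /[.:]/)                 # user may be "user.group" or "user:group"
            status = (who[1] == "root") ? "ROOT" : "ok"
            printf "%s %s user=%s server=%s arg0=%s\n", status, $1, who[1], $6, $7
        }
    ' "$1"
}

# Exit status 0 when no enabled mail service is started as root, 1 otherwise.
inetd_mail_is_clean() {
    ! audit_inetd_mail "$1" | grep -q '^ROOT '
}

# Constructed sample file, not taken from any real host.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# constructed inetd.conf sample
ftp     stream  tcp  nowait  root       /usr/sbin/tcpd  in.ftpd -l -a
imap    stream  tcp  nowait  root       /usr/sbin/tcpd  imapd
#pop3   stream  tcp  nowait  root       /usr/sbin/tcpd  ipop3d
imaps   stream  tcp  nowait  mail.mail  /usr/local/sbin/imapd-wrapper  imapd
EOF

audit_inetd_mail "$SAMPLE"
```

Every line it prints is a listener to account for: one marked ROOT is the start-as-root arrangement the reply describes, and any entry at all is a service to keep off Internet-facing interfaces.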