Home page logo

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] IMAP servers safe?
From: Thomas Nau <thomas.nau () RZ UNI-ULM DE>
Date: Tue, 31 Oct 2000 16:34:13 +0100

We only work with about 5000 mail users of which most don't use SSL (to
bad). We found that forcing them to SSL causes lots of anger and trouble
so I cannot rely give you numbers on the load.


On Tue, 31 Oct 2000, Stefan Suurmeijer wrote:

|Hi Thomas,
|On Tue, 31 Oct 2000, Thomas Nau wrote:
|> Stefan.
|> We changed from qpopper to Cyrus IMAP/IMP/stunnel about 6 months ago and
|> are quiet happy about the solution. A drawback ist the POP support which
|> doesn't work as expected when people leave their mails on the server but
|> that's what IMAP is made for. The best point about Cyrus are it's support
|> for quota and the authentication backend which doesn't require UNIX
|> accounts for users at all (a big security plus for me). Beside that I
|> cannot tell you too much about beside the falws of IMP as documented in
|> BugTraq a while ago.
|So I figure you use stunnel to solve Cyrus' lack of SSL support? Could you
|give me an indication of how much system load this creates? Since we will
|be working with upwards of 30,000 users, who would fall somewhere
|inbetween "heavy mail user" and "do you eat e-mail or something?" ;-)
|The last IMP bug I found was in April. I suppose this has been fixed in
|the current release?
|> Hope this helps,
|>      Thomas
|A lot. Thanks,

====== PGP fingerprint B1 EE D2 39 2C 82 26 DA  A5 4D E0 50 35 75 9E ED ======

        Thought you got rid of all year 2k bugs and problems?
        Here's a new one: Windows 2000

  By Date           By Thread  

Current thread:
  • Re: [PEN-TEST] IMAP servers safe? Thomas Nau (Nov 01)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]