RE: pop mail recommendations

To: <debian-security@lists.debian.org>
Subject: RE: pop mail recommendations
From: "Jeff AA" <jaa.debian@aquabolt.com>
Date: Fri, 6 Dec 2002 12:48:19 -0000
Message-id: <000b01c29d25$c139b2d0$3864a8c0@comice>
In-reply-to: <51341B7FA34CD2119FA20008C7289B1C051C1B72@panoramix.coe.int>

Second the recommendation for courier.

We have exim / courier [pop imap pops imaps] using maildir formats
and controlled from mysql for virtual users accepting mail for about
20 domains.

We did compare with Cyrus, but that fell down on integration with
exim.

This is the list dpkg -l *courier* | grep ii shows:

ii  courier-authda 0.37.3-2.3     Courier Mail Server authentication
daemon
ii  courier-authmy 0.37.3-2.3     MySQL Authentication for Courier Mail
Server
ii  courier-base   0.37.3-2.3     Courier Mail Server Base System
ii  courier-imap   1.4.3-2.3      IMAP daemon with PAM and Maildir
support
ii  courier-imap-s 1.4.3-3.1      IMAP daemon with SSL, PAM and Maildir
suppor
ii  courier-pop    0.37.3-2.3     POP3 daemon with PAM and Maildir
support
ii  courier-pop-ss 0.37.3-3.1     POP3 daemon with SSL, PAM and Maildir
suppor
ii  courier-ssl    0.37.3-3.1     Courier Mail Server SSL Package

Remember that pop3 by default is insecure in that user/passwords
pass in the clear over the net - DON'T make your mail users real users 
with shell access or you are opening a large number of doors and putting
out a nice big 'Hack here!' flag. A little tcpdump on your segment will 
get you a nice list of all the users / passwords for all your pop users
- 
use pop-ssl instead.

regards
Jeff

> -----Original Message-----
> From: DEFFONTAINES Vincent [mailto:Vincent.DEFFONTAINES@coe.int] 
> Sent: 06 December 2002 11:29
> To: debian-security@lists.debian.org
> Subject: RE: pop mail recommendations
> 
> 
> I personnally used courrier-pop which did good, but never did 
> I compare it
> with others.
> 
> 
> > -----Original Message-----
> > From: Ted Roby [mailto:secalert@tedroby.com]
> > Sent: Friday 6 December 2002 11:51
> > To: debian-security@lists.debian.org
> > Subject: pop mail recommendations
> > 
> > 
> > I have setup exim to host my domain's SMTP services.
> > 
> > I am now looking for something to host POP3 on the same 
> Debian potato 
> > box.
> > 
> > I am asking the security list because that is my primary interest.
> > I would like to find something stable, reasonably known to 
> be secure, 
> > perhaps specifically recommended for debian servers, and 
> can run as a 
> > stand-alone daemon.
> > 
> > Would any of you care to make a recommendation?
> > 
> > 
> > ---
> > Random fortune:
> > 
> > A long-forgotten loved one will appear soon.
> > 
> > Buy the negatives at any price.
> > 
> > 
> > -- 
> > To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact 
> > listmaster@lists.debian.org
> > 
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact 
> listmaster@lists.debian.org
> 
>

Reply to:

Follow-Ups:
- Re: pop mail recommendations
  - From: Phillip Hofmeister <plhofmei@zionlth.org>
- RE: pop mail recommendations
  - From: "Christian Storch" <storch@infra.net>
- Re: pop mail recommendations
  - From: Glen Mehn <glen@burningman.com>
- Re: pop mail recommendations
  - From: Ted Roby <secalert@tedroby.com>

References:
- RE: pop mail recommendations
  - From: DEFFONTAINES Vincent <Vincent.DEFFONTAINES@coe.int>

Prev by Date: Re: Updating Snort Signatures In Stable ?
Next by Date: Re: pop mail recommendations
Previous by thread: RE: pop mail recommendations
Next by thread: Re: pop mail recommendations
Index(es):
- Date
- Thread