> Why would you use IMail's DLL from another box... DDL = Data Definition Language = Imail table structure. Not DLL.
> Simply by allowing secure auth at the gateway (instead of your > internal mail server) provides a few benefits. Linux default pw > hashes are more secure than IMail's default pw cipher (it's not > really encrypted, right?). Anybody who owns your server can do a lot worse, such as creating new accounts for spam, changing passwords of all accounts, etc. And anybody skilled who owns your mail server can probably also hop on the SQL train before anything is encrypted, as IMail's ODBC DLL requires that the passwords be stored in plain-text in the DB. > It's been my experience that I'd have better luck attacking admin > level access to NT than root to a linux box. The application-level vulnerability is what you have to worry about. If you know a way to hack an IMail box through an IMail service, please inform Ipswitch. :) > So what's this you speak of improving IMail's pw handling? I think I > saw someone trying to do this, but they had troubles, what's the > correct way to do it? You customize the DLL to hash the password before storing it. We do this, and someone else on the list mentioned a similar adaptation. -Sandy ------------------------------------ Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] ------------------------------------ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
