I don't think I want to generate a patch because I made some other mods
(unrelated to this) as well.
First, I'm running imap-2001a.RELEASE-CANDIDATE.1 (don't know if this is
the latest release or not).
I modified ./src/imapd.c. Edit the file and search for IMAP4rev1. In
my version, I went to the second occurance of this and it looked
something like this:
/* PSOUT (tcp_serverhost ());
PSOUT (" IMAP4rev1 ");
PSOUT (version);
PSOUT (" at ");
PSOUT (tmp); */
As you can see, I commented all this out.
Then I modified ./src/ipopd/ipop3d.c. Edit the file and search for OK
and go to the 3rd instance of OK. It will look like the below. I
commented out the parts shown below.
PSOUT ("+OK POP3");
if (!challenge[0]) { /* if no MD5 enable, output host name */
/* PBOUT (' ');
PSOUT (tcp_serverhost ()); */
}
/* PSOUT (" v");
PSOUT (version); */
PSOUT (" server ready");
if (challenge[0]) { /* if MD5 enable, output challenge here */
PBOUT (' ');
PSOUT (challenge);
}
A cleaner way would be to add a define somewhere that would control
turning these on and off, but I didn't want to get into that.
Note again, that this is my version and where yours is located may
require some extra searching.
For those of you that weren't aware of this and are interested, I would
recommend downloading a tool called "nessus" which audits your system
for some well known attack methods and reports back and where you may
have some areas of weakness. Well worth the exercise, IMHO.
Now, if any of these mods causes a problem, please don't come back and
complain 'cause I don't know what I'm doing! ;-)
Friedrich Lobenstock wrote:
> Jesse W. Asher wrote:
>
>>
>> BTW, I just modified the code and commented out all these pieces of
>> information and recompiled. Everything seems to be working fine....
>
>
> Patches? Where?
>
--
Jesse W. Asher [EMAIL PROTECTED]
