On Fri, Sep 22, 2006 at 03:57:45PM +0200, viq wrote: > On 9/22/06, Henning Brauer <[EMAIL PROTECTED]> wrote: > >* viq <[EMAIL PROTECTED]> [2006-09-22 14:53]: > >> I am looking at setting up a mail solution for my home usage, and > >> those seem to be a popular option from what people on the net seem to > >> say. But, when looking at what we have in ports I noticed the versions > >> are over 2 years old... So here's my question - did anyone have, or is > >> aware of, any problems with them that would be fixed in the newer > >> versions? Is anyone actually running those, or self-compiled newer > >> versions thereof? Any issues with them? > > > >courier-imap 4.x breaks compatibility in a spectacular way > >(authetication is entirely different). latest 3.x works just fine for > >us. > > > >newer does not imply better. > > Ah, indeed. Good I asked then ;) Though, securityfocus does have a few > entries on courier-imap... > And latest 3.x is 3.0.8, and in our tree we have 3.0.5 ...
While the facts you state are correct, the suggestion that the Courier-IMAP in tree is vulnerable is not. The vulnerabilities you state are either fixed in 3.0.5 or not relevant; see the Changelog at http:/www.courier-mta.org/imap. Joachim