Thijssen put forth on 2/9/2010 4:19 AM:
> - If they like flashy GUI bullshit like HTML-mail and WYSIWYG
> formatted emails and spam and commerce, then don't use Squirrelmail.
> - If they focuss on actual text content and plaintext emails (the way
> it should be), then squirrelmail is your Number One choice, far
> outweighing all others.
>
> It's rock stable and top-secure.
Tell me about this "top-secure" aspect of Squirrelmail again. ;)
Received: from mail.afranet.com (mail.afranet.com [80.75.0.13])
by greer.hardwarefreak.com (Postfix) with ESMTP id 1F0AC6C2B9
for <s...@hardwarefreak.com>; Thu, 11 Feb 2010 07:02:04 -0600 (CST)
...
Received: from 78.138.3.237
(SquirrelMail authenticated user test)
by mail.afranet.com with HTTP;
...
User-Agent: SquirrelMail/1.4.15
...
To: undisclosed-recipients:;
...
:::YEAR 2010 E-MAIL AWARDS:::
Dear Winner,
...
CONTACT HIM WITH YOUR DETAILS, FILL Details BELOW;
*** Your Full Name
*** Your Address
*** Your Country
*** Your Phone number
*** Your Age(Date of birth)
*** Your Gender(Male or Female)
*** Your present Occupation
*** Your Micros ID
...
I get phish and 419 from compromised Sqirrelmail servers at least once or twice
a month. I've yet to receive one from a compromised Roundcube, Horde, or SOGo
server. Now, in fairness to SM, this probably has as much to do with widespread
implementation and poor administration as it does insecure code. It appears the
phish sent from the SM server in the example above utilized a test account with
a weak or non-existent password.
Regarding Jose's comments about his web servers constantly being scanned for
Roundcube directories, I see no one else reporting this. I run a Roundcube
server and see nothing of the sort. Additionally, scans != compromise or high
potential for compromise. I see thousands of scans and login attempts on my ssh
and ftp ports monthly. Does that mean that Proftpd and sshd are automatically
vulnerable? Because people are scanning them? You made a pretty weak argument
against Roundcube with that example.
--
Stan
