Hello, I am new to POP3 servers and was hoping that folks on this list would be able to offer some suggestions on security.
I am interested in installing QPopper with TLS/SSL, as this seems like it would be the most secure configuration with regards to user authentication and message contents. I am vaguely familiar with APOP, Kerberos, and PAM. Is their any advantage to running SSL/TLS QPopper with any of these other protocols, or is SSL/TLS sufficient on it's own? One other concern I have with the general "stability" of QPopper itself in terms of the developer turnaround time for dealing with new exploits. From what I can tell from the Eudora site, QPopper 4.0.4 has been in Beta sine September 2001. Is QPopper still being actively developed? It seems to me that there are 2 significant security alerts that have yet to be resolved: The 2048+ characters exploit http://www.digitux.net/security/advisories.html?id=34&display=info, and the 'popauth' Module Symlink Bug http://securitytracker.com/alerts/2001/Dec/1003005.html Can I expect a rapid turnaround time for bug resolution? Any feedback is appreciated Michael Caplan Institute for Social Ecology http://www.social-ecology.org/ 1118 Maple Hill Road Plainfield, VT, 05667 USA
