Re: Updating Snort Signatures In Stable ?
On Fri, 06 Dec 2002 04:18:52 +, I wrote:

>I've been running Snort for a month or so now on a Woody box at work,
>and am now wondering whether the Debian Project (or packager) has a
>Plan for providing signature file updates to users of the stable
>distribution.

Well thanks for the answers folks - it seems clear (especially after checking http://www.snort.org/dl/rules/, which says "If you are using a version before 1.9.x, please upgrade") that I should stop using the Debian stable V1.8.4 package and switch to hand-built V1.9.0 made from source - and I'll gladly grab Kristof's signature update script and adapt to my needs (thanks for that).

[I hope my current MySQL and Acidlab backend works with the later Snort - I guess I'm about to find out ..]

I'd suggest maybe a note about V1.8.4 being "useless" should be added to http://packages.debian.org/stable/net/snort.html, along with some advice about getting signature updates (i.e. roll your own).

IIRC "important new versions of existing packages" are allowed into point releases, so maybe Woody's main Snort engine binary packages can be updated when 3.0r1 happens.

And I still think it'd be nice if we could find a way to package up and push out stable signature updates - but I can see why that would be difficult to set policy for.

Cheers,
Nick Boyce
Bristol, UK
--
"... the fundamental design flaws are completely hidden by the superficial design flaws."
Douglas Adams (1952 - 2001): So Long and Thanks For All The Fish.
Re: Stack-smashing protection
On Sat, 7 Dec 2002 01:09:59 +0100 Albert Cervera Areny <[EMAIL PROTECTED]> wrote:

> So it isn't really that the whole system runs 8% slower. Sorry for my
> first explanation... Now I think it is an overhead which is affordable
> seeing its benefits.

For your purposes, anyways. As has been said, this will likely never be a Debian-wide thing; I imagine that if anything there will be an option for it.
Re: Stack-smashing protection
Sorry, I didn't say it as it really is...

"It shows an 8% overhead on function calls, which should be the upper bound on the real costs of running programs under this protection system. The overall overhead of guarded programs varies with how many functions are called that have character array. Figure 10 shows a program's name, its description, the number of functions declared, and the number of functions used with character arrays. In most cases, the usage of a character array is less than 10% of the functions. It isn't the same as the ratio of the number of functions executed, but there is a some correlation between them."

Some overhead examples are in the web page ("http://www.trl.ibm.com/projects/security/ssp/node5.html#SECTION00051000"; quite a nice URL ;-)

Perl 4%
ctags 1%
impad 0%

So it isn't really that the whole system runs 8% slower. Sorry for my first explanation... Now I think it is an overhead which is affordable seeing its benefits.

On Friday 06 December 2002 23:13, Thing wrote:
> 8% is a huge hit, by all means a module or an option, however I question
> its need as "standard". I would not want it there unless I'm convinced it
> truly offers protection from a quantifiable risk. I don't want to see the
> kernel go the way of MS's kernel, one huge bloated mess.
>
> Let's see some papers/justification for this item, it may not be needed in
> all situations.
>
> regards
>
> Thing
>
> On Sat, 07 Dec 2002 09:29, Albert Cervera Areny wrote:
> > I've read in slashdot
> > (http://bsd.slashdot.org/article.pl?sid=02/12/02/2035207) that openbsd
> > has included stack-smashing protection using the ProPolice
> > (http://www.trl.ibm.com/projects/security/ssp/) patch for GCC 3.2
> >
> > I think it would be a great idea to use this patch with debian too as
> > soon as gcc becomes the compiler by default. Protecting the entire system
> > from this kind of bugs would really be a great security step forward.
> > Would somebody make some kind of statistics of how many of this year's
> > bugs wouldn't have made the system vulnerable with this patch?
> >
> > Though there is about 8% performance overhead I think it is worth using
> > this. And more now that gcc makes programs about 8% faster ;-)
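The quoted measurement says the cost follows the number of functions that hold character arrays. As an added example that is not part of the original post, this script compiles a small constructed C file and lists which functions the compiler actually instruments. It assumes a `cc` on the PATH that accepts `-fstack-protector` (the stack-protector option in current GCC and Clang, not the ProPolice patch for GCC 3.2 itself); the sample function names are made up.

```shell
#!/bin/sh
# Added example: show that only functions with a character array receive
# the stack guard check, which is why the overhead is per-function and
# not a flat cost on the whole program.

# Write a constructed C source: two functions without arrays, one with.
write_sample() {
    cat > "$1" <<'EOF'
void sink(const char *s);            /* external, keeps buf alive */

int add_ints(int a, int b) { return a + b; }

int scale(int v) { int k = 3; return v * k; }

void copy_name(const char *src)
{
    char buf[64];                    /* character array: guarded */
    int i;
    for (i = 0; src[i] != '\0' && i < 63; i++)
        buf[i] = src[i];
    buf[i] = '\0';
    sink(buf);
}
EOF
}

# Print the names of functions whose assembly references __stack_chk_fail,
# the routine called when the guard value has been overwritten.
# $1 = C file, $2 = -fstack-protector or -fno-stack-protector
guarded_functions() {
    ${CC:-cc} -O0 "$2" -S -o - "$1" |
    awk '/^[A-Za-z_][A-Za-z0-9_]*:/ { fn = $1; sub(/:.*/, "", fn) }
         /__stack_chk_fail/ && fn != "" { seen[fn] = 1 }
         END { for (f in seen) print f }' | sort
}

demo_ssp() {
    command -v "${CC:-cc}" >/dev/null 2>&1 || {
        echo "no C compiler found, nothing to show"
        return 0
    }
    dir=$(mktemp -d) || return 1
    write_sample "$dir/sample.c"
    echo "guarded with -fstack-protector:    $(guarded_functions "$dir/sample.c" -fstack-protector | tr '\n' ' ')"
    echo "guarded with -fno-stack-protector: $(guarded_functions "$dir/sample.c" -fno-stack-protector | tr '\n' ' ')"
    rm -rf "$dir"
}

demo_ssp
```

Running the same function over a real source tree gives the ratio of guarded to total functions for that program, which is the figure the quoted text ties the overhead to.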
Re: Possible security violation in the suck-package?
* Marcus Frings <[EMAIL PROTECTED]> [021207 00:52]:
> Hello,
>
> I just migrated from leafnode to inn + suck on my Debian Woody box.
> After installing suck I think I have discovered a possible security
> violation. /etc/suck/get-news.conf is installed as root:root with
> default file permissions 644. This means that $WORLD can read passwords
> from this file which are stored there to get access to the upstream
> newsserver.

right.

> IIRC /usr/sbin/get-news has to be run as user "news" and not as "root"
> thus the script won't work if I change the permissions of get-news.conf
> to 600 or 640. Or am I completely wrong and get-news should be started
> as "root"? Anyway, 644 as default for files which store passwords is
> pretty weird in my opinion.
> Any comments concerning this are very welcome.

I would agree giving anyone else the possibility of reading the passwords of your upstream-newsserver won't be a good idea :) That should be definitely fixed.

regards
Martin
--
Martin Helas [EMAIL PROTECTED]
PGP: 1474 4CAC EF5C ECFA E29E 2CB1 7929 AB90 F7AC 3AF0
Possible security violation in the suck-package?
Hello,

I just migrated from leafnode to inn + suck on my Debian Woody box. After installing suck I think I have discovered a possible security violation. /etc/suck/get-news.conf is installed as root:root with default file permissions 644. This means that $WORLD can read passwords from this file which are stored there to get access to the upstream newsserver.

IIRC /usr/sbin/get-news has to be run as user "news" and not as "root" thus the script won't work if I change the permissions of get-news.conf to 600 or 640. Or am I completely wrong and get-news should be started as "root"? Anyway, 644 as default for files which store passwords is pretty weird in my opinion.

Any comments concerning this are very welcome.

Regards,
Marcus
--
Fickle minds, pretentious attitudes and ugly make-up on ugly faces...
The Goth Goose Of The Week: http://www.gothgoose.net
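The permission problem described in this thread, as an added example that is not part of the original posts: the script finds world-readable files that contain a password-looking line, then restricts one to its owner plus a single group (mode 640). The file contents are constructed and are not real get-news.conf syntax; using a group named "news" on the real file is an assumption about how get-news is run.

```shell
#!/bin/sh
# Added example: audit for world-readable credential files, then tighten
# one so that only the owner and one service group can read it.

# List files under $1 that "other" can read AND that contain a
# password-looking line. -perm -004 matches when the other-read bit is set.
audit_dir() {
    find "$1" -type f -perm -004 \
        -exec grep -l -i -E 'pass(word|wd)' {} \;
}

# Hand the file to group $2 and drop all access for "other" (rw-r-----).
restrict_to_group() {
    chgrp "$2" "$1" && chmod 640 "$1"
}

# Symbolic mode string of a file, e.g. -rw-r--r--
mode_string() {
    ls -ld "$1" | cut -c1-10
}

demo() {
    dir=$(mktemp -d) || return 1
    conf="$dir/get-news.conf"
    # Constructed contents; this is not the real get-news.conf syntax.
    printf 'server = news.example.org\npassword = not-a-real-secret\n' > "$conf"
    printf 'motd = hello\n' > "$dir/harmless.conf"
    chmod 644 "$conf" "$dir/harmless.conf"

    echo "flagged before: $(audit_dir "$dir")"
    echo "mode before:    $(mode_string "$conf")"

    # The demo uses the caller's own group so it runs unprivileged. On the
    # system in the thread the equivalent, run as root, would be
    #   restrict_to_group /etc/suck/get-news.conf news
    # assuming get-news runs with group "news".
    restrict_to_group "$conf" "$(id -g)"

    echo "flagged after:  $(audit_dir "$dir")"
    echo "mode after:     $(mode_string "$conf")"
    rm -rf "$dir"
}

demo
```

With the owner left as root and only the group changed, the account that runs the fetch script can read the password but cannot rewrite the file.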
Re: pop mail recommendations
Ted Roby wrote:
> On Friday, Dec 6, 2002, at 04:48 US/Pacific, Jeff AA wrote:
> > Second the recommendation for courier.
> >
> > Remember that pop3 by default is insecure in that user/passwords pass in the clear over the net - DON'T make your mail users real users with shell access or you are opening a large number of doors and putting out a nice big 'Hack here!' flag. A little tcpdump on your segment will get you a nice list of all the users / passwords for all your pop users - use pop-ssl instead.
> >
> > regards
> > Jeff
>
> I've already taken care of login security with my standard security policy. SSH is the only remote login daemon available on the server. Password authentication is disabled. Any access to the box must be done with key authentication. Accounts with pop access (if /etc/passwd is used for authentication) will have a /bin/false shell, and a read-only .ssh directory where no authorized-keys file exists.
>
> 98% of the usage on this mail server will be my own accounts. I won't be hosting any clients, but I will be hosting a couple of friends here and there. Of course, that could change in the future, and clients may very well be included in the plan.
>
> Because of this, the pop3 access with some type of encrypted authentication (pops apop) is entirely for my own convenience so as to prevent from having to set up an ssh port forward each time I want to check my mail while away from home. I am not concerned with the transparency of the messages themselves, as anything sensitive will be encrypted with GPG.
>
> Qpopper definitely interests me, but it hasn't developed enough of a secure history yet with version 4. I think I'll keep an eye on its development and perhaps use it at a later time. For now, I'm still looking at popa3d, courier, and UofW, as is recommended by some of you.

UW imap (which provides the POP access) has a pretty questionable security history, AFAIK. Investigating at securityfocus, etc. might be worth a look.

-g
Re: Stack-smashing protection
8% is a huge hit, by all means a module or an option, however I question its need as "standard". I would not want it there unless I'm convinced it truly offers protection from a quantifiable risk. I don't want to see the kernel go the way of MS's kernel, one huge bloated mess.

Let's see some papers/justification for this item, it may not be needed in all situations.

regards

Thing

On Sat, 07 Dec 2002 09:29, Albert Cervera Areny wrote:
> I've read in slashdot
> (http://bsd.slashdot.org/article.pl?sid=02/12/02/2035207) that openbsd has
> included stack-smashing protection using the ProPolice
> (http://www.trl.ibm.com/projects/security/ssp/) patch for GCC 3.2
>
> I think it would be a great idea to use this patch with debian too as soon
> as gcc becomes the compiler by default. Protecting the entire system from
> this kind of bugs would really be a great security step forward. Would
> somebody make some kind of statistics of how many of this year's bugs
> wouldn't have made the system vulnerable with this patch?
>
> Though there is about 8% performance overhead I think it is worth using
> this. And more now that gcc makes programs about 8% faster ;-)
Stack-smashing protection
I've read in slashdot (http://bsd.slashdot.org/article.pl?sid=02/12/02/2035207) that openbsd has included stack-smashing protection using the ProPolice (http://www.trl.ibm.com/projects/security/ssp/) patch for GCC 3.2

I think it would be a great idea to use this patch with debian too as soon as gcc becomes the compiler by default. Protecting the entire system from this kind of bugs would really be a great security step forward. Would somebody make some kind of statistics of how many of this year's bugs wouldn't have made the system vulnerable with this patch?

Though there is about 8% performance overhead I think it is worth using this. And more now that gcc makes programs about 8% faster ;-)
Re: pop mail recommendations
On Friday, Dec 6, 2002, at 04:48 US/Pacific, Jeff AA wrote:
> Second the recommendation for courier.
>
> Remember that pop3 by default is insecure in that user/passwords pass in the clear over the net - DON'T make your mail users real users with shell access or you are opening a large number of doors and putting out a nice big 'Hack here!' flag. A little tcpdump on your segment will get you a nice list of all the users / passwords for all your pop users - use pop-ssl instead.
>
> regards
> Jeff

I've already taken care of login security with my standard security policy. SSH is the only remote login daemon available on the server. Password authentication is disabled. Any access to the box must be done with key authentication. Accounts with pop access (if /etc/passwd is used for authentication) will have a /bin/false shell, and a read-only .ssh directory where no authorized-keys file exists.

98% of the usage on this mail server will be my own accounts. I won't be hosting any clients, but I will be hosting a couple of friends here and there. Of course, that could change in the future, and clients may very well be included in the plan.

Because of this, the pop3 access with some type of encrypted authentication (pops apop) is entirely for my own convenience so as to prevent from having to set up an ssh port forward each time I want to check my mail while away from home. I am not concerned with the transparency of the messages themselves, as anything sensitive will be encrypted with GPG.

Qpopper definitely interests me, but it hasn't developed enough of a secure history yet with version 4. I think I'll keep an eye on its development and perhaps use it at a later time. For now, I'm still looking at popa3d, courier, and UofW, as is recommended by some of you.

---
There is no character, howsoever good and fine, but it can be destroyed by ridicule, howsoever poor and witless. Observe the ass, for instance: his character is about perfect, he is the choicest spirit among all the humbler animals, yet see what ridicule has brought him to. Instead of feeling complimented when we are called an ass, we are left in doubt.
-- Mark Twain, "Pudd'nhead Wilson's Calendar"
Re: Updating Snort Signatures In Stable ?
On Thu, Dec 05, 2002 at 11:55:02PM -0500, Noah L. Meyerhans wrote:

> This has been discussed before. The thing is, I think that if you're
> serious about using snort, you should not even consider using the one in
> Debian. snort.org doesn't even distribute up-to-date rules files for
> the version in stable. So if you want to have a useful ruleset, you
> either need to figure out how to write it for the version in stable, or
> you need to get a new version from snort.org. Either way, you're
> working "outside" the Debian system.

Why couldn't one just use the version from unstable (presumably building it from source)?

--
 - mdz
Re: pop mail recommendations
Jeff AA wrote:
> Second the recommendation for courier.
>
> We have exim / courier [pop imap pops imaps] using maildir formats and controlled from mysql for virtual users accepting mail for about 20 domains. We did compare with Cyrus, but that fell down on integration with exim.
>
> This is the list dpkg -l *courier* | grep ii shows:
>
> ii courier-authda 0.37.3-2.3 Courier Mail Server authentication daemon
> ii courier-authmy 0.37.3-2.3 MySQL Authentication for Courier Mail Server
> ii courier-base   0.37.3-2.3 Courier Mail Server Base System
> ii courier-imap   1.4.3-2.3  IMAP daemon with PAM and Maildir support
> ii courier-imap-s 1.4.3-3.1  IMAP daemon with SSL, PAM and Maildir suppor
> ii courier-pop    0.37.3-2.3 POP3 daemon with PAM and Maildir support
> ii courier-pop-ss 0.37.3-3.1 POP3 daemon with SSL, PAM and Maildir suppor
> ii courier-ssl    0.37.3-3.1 Courier Mail Server SSL Package

third the recco for courier/exim. lightweight, fast, reliable. You can also use sqwebmail for your webmail, which is written by the courier author(s), and uses the same libs to talk directly to the maildir folders. It'll allow users to login and change passwords (which may require sqwebmail to be setuid root if you authenticate off of /etc/passwd, which you likely don't want to do, but use postgres or something instead)

ymmv, but this is definitely the way to go for me.

-g

> Remember that pop3 by default is insecure in that user/passwords pass in the clear over the net - DON'T make your mail users real users with shell access or you are opening a large number of doors and putting out a nice big 'Hack here!' flag. A little tcpdump on your segment will get you a nice list of all the users / passwords for all your pop users - use pop-ssl instead.
>
> regards
> Jeff
>
> -----Original Message-----
> From: DEFFONTAINES Vincent [mailto:[EMAIL PROTECTED]]
> Sent: 06 December 2002 11:29
> To: debian-security@lists.debian.org
> Subject: RE: pop mail recommendations
>
> I personally used courier-pop which did good, but never did I compare it with others.
>
> -----Original Message-----
> From: Ted Roby [mailto:[EMAIL PROTECTED]]
> Sent: Friday 6 December 2002 11:51
> To: debian-security@lists.debian.org
> Subject: pop mail recommendations
>
> I have set up exim to host my domain's SMTP services. I am now looking for something to host POP3 on the same Debian potato box. I am asking the security list because that is my primary interest.
>
> I would like to find something stable, reasonably known to be secure, perhaps specifically recommended for debian servers, and can run as a stand-alone daemon.
>
> Would any of you care to make a recommendation?
>
> ---
> Random fortune:
> A long-forgotten loved one will appear soon. Buy the negatives at any price.

-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: pop mail recommendations
In message <[EMAIL PROTECTED]>, Sven Hoexter writes:
>On Fri, Dec 06, 2002 at 12:07:10PM +0100, andres wrote:
>> apt-get install qpopper
>>
>> Ok!
>>
>> ;-)
>*rotfl* Hope that wasn't a serious answer.
>apt-cache search pop3

Really? qpopper is pretty solid these days, and has features that many of the other pop servers lack. Sure, it has had some problems in the past, but nothing root-level since 4.0. Like the cyrus recommendation, it may be a little bit of overkill for a small site, but all in all, it's a fine recommendation.

If we disregarded software that has had problems in the past, sendmail would be dead and buried by now.

--
Ted Cabeen http://www.pobox.com/~secabeen [EMAIL PROTECTED]
Check Website or Keyserver for PGP/GPG Key BA0349D2 [EMAIL PROTECTED]
"I have taken all knowledge to be my province." -F. Bacon [EMAIL PROTECTED]
"Human kind cannot bear very much reality."-T.S.Eliot [EMAIL PROTECTED]
Re: pop mail recommendations
On Fri, Dec 06, 2002 at 04:35:04PM +0100, Christian Storch wrote:
> Look at brand new
> http://packages.debian.org/unstable/mail/cyrus21-imapd.html
>
> ssl included!

Cyrus definitely rocks, but it can't be described as lightweight in any sense of the word. It's very powerful, and would be my first choice for running a very large site (university campus, for example), but most people don't need something quite so industrial strength.

Having said that, I should also mention that I run a Cyrus 2.1 installation for about 8 people at work. It works great, but it's overkill.

noah

--
| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html
Re: pop mail recommendations
In message <[EMAIL PROTECTED]>, Sven Hoexter writes:
>On Fri, Dec 06, 2002 at 12:07:10PM +0100, andres wrote:
>> apt-get install qpopper
>>
>> Ok!
>>
>> ;-)
>*rotfl* Hope that wasn't a serious answer.
>apt-cache search pop3

Really? qpopper is pretty solid these days, and has features that many of the other pop servers lack. Sure, it has had some problems in the past, but nothing root-level since 4.0. Like the cyrus recommendation, it may be a little bit of overkill for a small site, but all in all, it's a fine recommendation. If we disregarded software that has had problems in the past, sendmail would be dead and buried by now.

--
Ted Cabeen http://www.pobox.com/~secabeen [EMAIL PROTECTED]
Check Website or Keyserver for PGP/GPG Key BA0349D2 [EMAIL PROTECTED]
"I have taken all knowledge to be my province." -F. Bacon [EMAIL PROTECTED]
"Human kind cannot bear very much reality." -T.S.Eliot [EMAIL PROTECTED]
RE: pop mail recommendations
Look at brand new
http://packages.debian.org/unstable/mail/cyrus21-imapd.html

ssl included!

Christian

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, December 06, 2002 4:12 PM
To: debian-security@lists.debian.org
Subject: Re: pop mail recommendations

...
I'd suggest The University of Washington's POP3 server. Which does support SSL. However I don't believe the Debian packages for potato included a daemon with SSL support. Not sure about Woody, Sarge or Sid though. I just built it from source. You can get the source here:
...
Re: pop mail recommendations
On Fri, Dec 06, 2002 at 10:12:22AM -0500, [EMAIL PROTECTED] wrote:
> In article <[EMAIL PROTECTED]> you wrote:
>
> > On Friday, Dec 6, 2002, at 03:18 US/Pacific, Sven Hoexter wrote:
>
> >> I suggest popa3d from http://www.openwall.com but I'm not sure
> >> if you can use it in standalone mode.
>
> > I like the look of popa3d, but it does not support md5 or ssl
> > transport. I know this is trivial protection, but every layer helps.
>
> I'd suggest The University of Washington's POP3 server. Which does
> support SSL. However I don't believe the Debian packages for potato
> included a daemon with SSL support. Not sure about Woody, Sarge or
> Sid though. I just built it from source. You can get the source here:
>
> http://www.washington.edu/imap/

AFAIR the history told us that it's nearly as secure or insecure as qpopper.

Sven
Re: pop mail recommendations
In article <[EMAIL PROTECTED]> you wrote:
> On Friday, Dec 6, 2002, at 03:18 US/Pacific, Sven Hoexter wrote:
>> I suggest popa3d from http://www.openwall.com but I'm not sure
>> if you can use it in standalone mode.
> I like the look of popa3d, but it does not support md5 or ssl
> transport. I know this is trivial protection, but every layer helps.

I'd suggest The University of Washington's POP3 server. Which does support SSL. However I don't believe the Debian packages for potato included a daemon with SSL support. Not sure about Woody, Sarge or Sid though. I just built it from source. You can get the source here:

http://www.washington.edu/imap/

NOTE: The source is described as "The University of Washington IMAP Server" or "UW IMAP". Rest assured--the source distribution includes a POP2, POP3 and IMAP daemon.
RE: pop mail recommendations
A little HTTPS PHP web page lets users change passwords, enter a vacation message or set up personal exim filters.

We don't allow remote pop3 or imap - all is SSL wrapped. We run SquirrelMail through https for users who want a web client.

The nicest thing IMO though, is that we only allow relay for authenticated smtp connections via TLS and have a system filter that automatically copies all outgoing mail into a Sent folder - we don't have to rely on buggy clients, and users that have several PCs/Laptops etc, can see ALL their Sent items in a single server-side imap folder.

All our domains, users and aliases are read by exim from a local mysql instance. Using maildir format makes it easy for exim to filter into sub-folders etc. We can have shared folders with a single READ status for our tech team etc etc.

Regards
Jeff

> -----Original Message-----
> From: Phillip Hofmeister [mailto:[EMAIL PROTECTED]
> Sent: 06 December 2002 13:43
> To: Jeff AA
> Cc: debian-security@lists.debian.org
> Subject: Re: pop mail recommendations
>
> On Fri, 06 Dec 2002 at 12:48:19PM -, Jeff AA wrote:
> > We have exim / courier [pop imap pops imaps] using maildir formats
> > and controlled from mysql for virtual users accepting mail for about
> > 20 domains.
>
> How do you handle virtual user password changes with this setup? Can
> the users change their own password?
>
> Phil
>
> --
> Phil
>
> PGP/GPG Key:
> http://www.zionlth.org/~plhofmei/
> wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import
> --
> Excuse #180: Wrong polarity of neutron flow
Re: Updating Snort Signatures In Stable ?
On Fri, Dec 06, 2002 at 04:18:52AM +, Nick Boyce wrote:
> I searched the debian-security archive but didn't hit any items
> discussing this, so maybe it's a dumb question - sorry, I'm a newb
> here.
>
> Thanks for _any_ comments at all.

Well, the version I am running at this time is "Version 1.9.0 (Build 209)" and was downloaded from snort.org. My friend was kind enough to write a script that downloads signatures for this version from the snort site... This script alters the snort.conf file to include any new rulefiles and restarts snort if necessary... I find this script very useful and use it in combination with cron...

Anyhow: this is the script located @ www.xssass.be...

Kind regards,
Kristof Goossens

--
Digital fingerprint: F56F F987 0E0C AFF8 0B6D 7CA1 F152 E07D 72AF 337B
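The update step described in the message above (take downloaded rule files, add any new ones to snort.conf, restart only when something changed), as an added Python example; it is not the script from www.xssass.be, which is not reproduced on this page. The tar archive layout, the `include $RULE_PATH/<file>` line format and every rule file name are assumptions, and the sample archive and config are constructed. Because such a job typically runs unattended from cron, the example treats the archive as untrusted input.

```python
import io
import re
import tarfile

# Only plain "<name>.rules" basenames may ever end up in snort.conf.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_.-]*\.rules$")
# Matches active and commented-out include lines that point at a rule file.
INCLUDE = re.compile(r"^\s*(?:#\s*)?include\s+(\S+\.rules)\s*$")

# Constructed sample config (assumed layout, not taken from the page).
SAMPLE_CONF = (
    "var RULE_PATH /etc/snort/rules\n"
    "include classification.config\n"
    "include $RULE_PATH/dos.rules\n"
    "# include $RULE_PATH/shellcode.rules\n"
)


def safe_rule_files(archive_bytes):
    """Return {basename: content} for archive members that are safe to install.

    Rejected: anything that is not a regular file (directories, symlinks,
    devices), absolute paths, paths containing "..", and names that are not
    a plain "<name>.rules".
    """
    accepted = {}
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
        for member in tar.getmembers():
            parts = member.name.split("/")
            if not member.isfile():
                continue
            if member.name.startswith("/") or ".." in parts:
                continue
            if not SAFE_NAME.match(parts[-1]):
                continue
            accepted[parts[-1]] = tar.extractfile(member).read()
    return accepted


def merge_rule_includes(conf_text, rule_names):
    """Append an include line for every rule file snort.conf does not mention.

    A commented-out include counts as "mentioned", so a rule set the admin
    disabled on purpose is not silently re-enabled by the updater.
    Returns (new_conf_text, added_names); restart Snort only if added_names
    is non-empty.
    """
    known = set()
    for line in conf_text.splitlines():
        match = INCLUDE.match(line)
        if match:
            known.add(match.group(1).rsplit("/", 1)[-1])
    added = [name for name in sorted(rule_names) if name not in known]
    if not added:
        return conf_text, []
    new_conf = conf_text if conf_text.endswith("\n") else conf_text + "\n"
    new_conf += "".join(f"include $RULE_PATH/{name}\n" for name in added)
    return new_conf, added


def build_sample_archive():
    """Constructed input: three rule files plus three entries to reject."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name in ("rules/dos.rules", "rules/shellcode.rules",
                     "rules/web-php.rules", "rules/README",
                     "../../etc/cron.d/evil.rules"):
            data = b"# constructed sample content\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        link = tarfile.TarInfo("rules/link.rules")
        link.type = tarfile.SYMTYPE
        link.linkname = "/etc/shadow"
        tar.addfile(link)
    return buf.getvalue()


if __name__ == "__main__":
    files = safe_rule_files(build_sample_archive())
    conf, added = merge_rule_includes(SAMPLE_CONF, files)
    print("accepted:", sorted(files))
    print("newly included:", added)
    print(conf, end="")
```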
RE: pop mail recommendations
Why it did 'fell down .. with exim'?
With a little bit more expense as usual cyrus 2.0.16 worked very fine with sendmail 8.12.2!

regards,
Christian

-----Original Message-----
From: Jeff AA [mailto:[EMAIL PROTECTED]
Sent: Friday, December 06, 2002 1:48 PM
To: debian-security@lists.debian.org
Subject: RE: pop mail recommendations

Second the recommendation for courier.

We have exim / courier [pop imap pops imaps] using maildir formats and controlled from mysql for virtual users accepting mail for about 20 domains. We did compare with Cyrus, but that fell down on integration with exim.
...
Re: pop mail recommendations
On Fri, 06 Dec 2002 at 12:48:19PM -, Jeff AA wrote:
> We have exim / courier [pop imap pops imaps] using maildir formats
> and controlled from mysql for virtual users accepting mail for about
> 20 domains.

How do you handle virtual user password changes with this setup? Can the users change their own password?

Phil

--
Phil

PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import
--
Excuse #180: Wrong polarity of neutron flow
Re: pop mail recommendations
Ted Roby wrote:
| I have setup exim to host my domain's SMTP services.
|
| Would any of you care to make a recommendation?

I personally like teapop. It is very fast and stable. Furthermore it supports authenticating users against postgresql or mysql tables. I would really recommend using sql tables for authentication. Like this the pop3 user base is separated from the unix user base (imagine someone sniffing a unix password and you forgot to disable login for the pop3 users...)

Marcel

--
Marcel Weber - [EMAIL PROTECTED]
PGP/GPG Key: http://www.ncpro.com/GPG/mmweber-at-ncpro-com.asc
RE: pop mail recommendations
Second the recommendation for courier.

We have exim / courier [pop imap pops imaps] using maildir formats and controlled from mysql for virtual users accepting mail for about 20 domains. We did compare with Cyrus, but that fell down on integration with exim.

This is the list dpkg -l *courier* | grep ii shows:

ii courier-authda 0.37.3-2.3 Courier Mail Server authentication daemon
ii courier-authmy 0.37.3-2.3 MySQL Authentication for Courier Mail Server
ii courier-base   0.37.3-2.3 Courier Mail Server Base System
ii courier-imap   1.4.3-2.3  IMAP daemon with PAM and Maildir support
ii courier-imap-s 1.4.3-3.1  IMAP daemon with SSL, PAM and Maildir suppor
ii courier-pop    0.37.3-2.3 POP3 daemon with PAM and Maildir support
ii courier-pop-ss 0.37.3-3.1 POP3 daemon with SSL, PAM and Maildir suppor
ii courier-ssl    0.37.3-3.1 Courier Mail Server SSL Package

Remember that pop3 by default is insecure in that user/passwords pass in the clear over the net - DON'T make your mail users real users with shell access or you are opening a large number of doors and putting out a nice big 'Hack here!' flag. A little tcpdump on your segment will get you a nice list of all the users / passwords for all your pop users - use pop-ssl instead.

regards
Jeff

> -----Original Message-----
> From: DEFFONTAINES Vincent [mailto:[EMAIL PROTECTED]
> Sent: 06 December 2002 11:29
> To: debian-security@lists.debian.org
> Subject: RE: pop mail recommendations
>
> I personally used courrier-pop which did good, but never did I
> compare it with others.
>
> > -----Original Message-----
> > From: Ted Roby [mailto:[EMAIL PROTECTED]
> > Sent: Friday 6 December 2002 11:51
> > To: debian-security@lists.debian.org
> > Subject: pop mail recommendations
> >
> > I have setup exim to host my domain's SMTP services.
> >
> > I am now looking for something to host POP3 on the same Debian
> > potato box.
> >
> > I am asking the security list because that is my primary interest.
> > I would like to find something stable, reasonably known to be
> > secure, perhaps specifically recommended for debian servers, and
> > can run as a stand-alone daemon.
> >
> > Would any of you care to make a recommendation?
> >
> > ---
> > Random fortune:
> >
> > A long-forgotten loved one will appear soon.
> >
> > Buy the negatives at any price.
Re: Updating Snort Signatures In Stable ?
On Fri, Dec 06, 2002 at 04:18:52AM +, Nick Boyce wrote:
>
> If so, are there any special steps required to integrate such a
> download into our Debian Woody system ?

Yes. See below.

>
> Alternatively, I note there are later signature packages in testing
> and unstable - can we use those on a Woody system ?
>

No, you can't. There are changes in the signature definition that will only work with the unstable version (sid's) and will not work in woody.

For the moment, the only thing you can do is download sid's package for snort and compile it in a woody system. This is easier than you might think since it has proper Build-Depends so you might need only to point apt to the sid sources and ask it to download the source and --compile it.

I have done this successfully in a woody box and could probably post the compiled packages somewhere if anyone is interested (but cannot compromise to recompile for woody each time a new version is available in sid).

This is a known issue (it also affects antivirus) and has been debated at length in debian-devel. You might want to search the archive for more information.

Regards

Javi
Re: pop mail recommendations
Hi all.

Ted Roby wrote:
> I suggest popa3d from http://www.openwall.com but I'm not sure
> if you can use it in standalone mode.

How about the combination of popa3d with postfix? Does this team up well? I thought of using qpopper, but I'm willing to think that over again if qpopper has major disadvantages compared with popa3d.

Bye, Mike
Re: pop mail recommendations
On Fri, Dec 06, 2002 at 03:31:31AM -0800, Ted Roby wrote:
> On Friday, Dec 6, 2002, at 03:18 US/Pacific, Sven Hoexter wrote:
> >On Fri, Dec 06, 2002 at 12:07:10PM +0100, andres wrote:
> >>apt-get install qpopper
> >>;-)
> >*rotfl* Hope that wasn't a serious answer.
> >apt-cache search pop3
> >
> >I suggest popa3d from http://www.openwall.com but I'm not sure
> >if you can use it in standalone mode.
>
> I like the look of popa3d, but it does not support md5 or ssl
> transport. I know this is trivial protection, but every layer helps.

Well you asked for pop3 not pop3s. For security and pop3s courier might be a good choice but it's quite complex. (IMHO)

> Qpopper does look interesting. Since version 4 it has been released as
> free open source (I'm compiling it now, just to take a look). I have
> experience with Eudora mail products, primarily EIMS running on MacOS,
> so I am familiar with their processes.

On one of my machines I still use qpopper but the security history is a pain. Root exploits, DoS stuff and others ... On the other hand qpopper is easy to set up and fast enough for a small environment but I would definitely not call qpopper secure.

Sven

BTW: qpopper was OpenSource software from the beginning. They just split up a part of it for a commercial product but changed this strategy back to one opensource product for all quite fast.
RE: pop mail recommendations
cucipop

-----Original Message-----
From: DEFFONTAINES Vincent [mailto:[EMAIL PROTECTED]
Sent: 06 December 2002 01:29
To: debian-security@lists.debian.org
Subject: RE: pop mail recommendations

I personally used courrier-pop which did good, but never did I compare it with others.

> -----Original Message-----
> From: Ted Roby [mailto:[EMAIL PROTECTED]
> Sent: Friday 6 December 2002 11:51
> To: debian-security@lists.debian.org
> Subject: pop mail recommendations
>
> I have setup exim to host my domain's SMTP services.
>
> I am now looking for something to host POP3 on the same Debian potato
> box.
>
> I am asking the security list because that is my primary interest.
> I would like to find something stable, reasonably known to be secure,
> perhaps specifically recommended for debian servers, and can run as a
> stand-alone daemon.
>
> Would any of you care to make a recommendation?
>
> ---
> Random fortune:
>
> A long-forgotten loved one will appear soon.
>
> Buy the negatives at any price.
Re: pop mail recommendations
On Friday, Dec 6, 2002, at 03:18 US/Pacific, Sven Hoexter wrote:
> On Fri, Dec 06, 2002 at 12:07:10PM +0100, andres wrote:
>> apt-get install qpopper
>>
>> Ok!
>>
>> ;-)
> *rotfl* Hope that wasn't a serious answer.
> apt-cache search pop3
>
> I suggest popa3d from http://www.openwall.com but I'm not sure
> if you can use it in standalone mode.
>
> Sven

I like the look of popa3d, but it does not support md5 or ssl transport. I know this is trivial protection, but every layer helps.

Qpopper does look interesting. Since version 4 it has been released as free open source (I'm compiling it now, just to take a look). I have experience with Eudora mail products, primarily EIMS running on MacOS, so I am familiar with their processes.

Thanks for the suggestions so far, and please feel free to give more.

---
Random fortune:

Next Friday will not be your lucky day. As a matter of fact, you don't have a lucky day this year.
RE: pop mail recommendations
I personally used courrier-pop which did good, but never did I compare it with others.

> -----Original Message-----
> From: Ted Roby [mailto:[EMAIL PROTECTED]
> Sent: Friday 6 December 2002 11:51
> To: debian-security@lists.debian.org
> Subject: pop mail recommendations
>
> I have setup exim to host my domain's SMTP services.
>
> I am now looking for something to host POP3 on the same Debian potato
> box.
>
> I am asking the security list because that is my primary interest.
> I would like to find something stable, reasonably known to be secure,
> perhaps specifically recommended for debian servers, and can run as a
> stand-alone daemon.
>
> Would any of you care to make a recommendation?
>
> ---
> Random fortune:
>
> A long-forgotten loved one will appear soon.
>
> Buy the negatives at any price.
Re: pop mail recommendations
On Fri, Dec 06, 2002 at 12:07:10PM +0100, andres wrote:
> apt-get install qpopper
>
> Ok!
>
> ;-)

*rotfl* Hope that wasn't a serious answer.
apt-cache search pop3

I suggest popa3d from http://www.openwall.com but I'm not sure if you can use it in standalone mode.

Sven

> Ted Roby wrote:
>
> > I have setup exim to host my domain's SMTP services.
> >
> > I am now looking for something to host POP3 on the same Debian potato
> > box.
> >
> > I am asking the security list because that is my primary interest.
> > I would like to find something stable, reasonably known to be secure,
> > perhaps specifically recommended for debian servers, and can run as a
> > stand-alone daemon.
> >
> > Would any of you care to make a recommendation?
Re: pop mail recommendations
apt-get install qpopper

Ok!

;-)

Bye

Ted Roby wrote:
> I have setup exim to host my domain's SMTP services.
>
> I am now looking for something to host POP3 on the same Debian potato
> box.
>
> I am asking the security list because that is my primary interest.
> I would like to find something stable, reasonably known to be secure,
> perhaps specifically recommended for debian servers, and can run as a
> stand-alone daemon.
>
> Would any of you care to make a recommendation?
>
> ---
> Random fortune:
>
> A long-forgotten loved one will appear soon.
>
> Buy the negatives at any price.
pop mail recommendations
I have setup exim to host my domain's SMTP services.

I am now looking for something to host POP3 on the same Debian potato box.

I am asking the security list because that is my primary interest. I would like to find something stable, reasonably known to be secure, perhaps specifically recommended for debian servers, and can run as a stand-alone daemon.

Would any of you care to make a recommendation?

---
Random fortune:

A long-forgotten loved one will appear soon.

Buy the negatives at any price.
RE: pop mail recommendations
Second the recommendation for courier. We have exim / courier [pop imap pops imaps] using maildir formats and controlled from mysql for virtual users accepting mail for about 20 domains. We did compare with Cyrus, but that fell down on integration with exim. This is the list dpkg -l *courier* | grep ii shows: ii courier-authda 0.37.3-2.3 Courier Mail Server authentication daemon ii courier-authmy 0.37.3-2.3 MySQL Authentication for Courier Mail Server ii courier-base 0.37.3-2.3 Courier Mail Server Base System ii courier-imap 1.4.3-2.3 IMAP daemon with PAM and Maildir support ii courier-imap-s 1.4.3-3.1 IMAP daemon with SSL, PAM and Maildir suppor ii courier-pop0.37.3-2.3 POP3 daemon with PAM and Maildir support ii courier-pop-ss 0.37.3-3.1 POP3 daemon with SSL, PAM and Maildir suppor ii courier-ssl0.37.3-3.1 Courier Mail Server SSL Package Remember that pop3 by default is insecure in that user/passwords pass in the clear over the net - DON'T make your mail users real users with shell access or you are opening a large number of doors and putting out a nice big 'Hack here!' flag. A little tcpdump on your segment will get you a nice list of all the users / passwords for all your pop users - use pop-ssl instead. regards Jeff > -Original Message- > From: DEFFONTAINES Vincent [mailto:[EMAIL PROTECTED]] > Sent: 06 December 2002 11:29 > To: [EMAIL PROTECTED] > Subject: RE: pop mail recommendations > > > I personnally used courrier-pop which did good, but never did > I compare it > with others. > > > > -Original Message- > > From: Ted Roby [mailto:[EMAIL PROTECTED]] > > Sent: Friday 6 December 2002 11:51 > > To: [EMAIL PROTECTED] > > Subject: pop mail recommendations > > > > > > I have setup exim to host my domain's SMTP services. > > > > I am now looking for something to host POP3 on the same > Debian potato > > box. > > > > I am asking the security list because that is my primary interest. 
> > I would like to find something stable, reasonably known to > be secure, > > perhaps specifically recommended for debian servers, and > can run as a > > stand-alone daemon. > > > > Would any of you care to make a recommendation? > > > > > > --- > > Random fortune: > > > > A long-forgotten loved one will appear soon. > > > > Buy the negatives at any price. > > > > > > -- > > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > > with a subject of "unsubscribe". Trouble? Contact > > [EMAIL PROTECTED] > > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED] > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Updating Snort Signatures In Stable ?
On Fri, Dec 06, 2002 at 04:18:52AM +, Nick Boyce wrote: > > If so, are there any special steps required to integrate such a > download into our Debian Woody system ? Yes. See below. > > Alternatively, I note there are later signature packages in testing > and unstable - can we use those on a Woody system ? > No, you can't. There are changes in the signature definition that will only work with the unstable version (sid's) and will not work in woody. For the moment, the only think you can do is download sid's package for snort and compile it in a woody system. This is easier than you might think since it has proper Build-Depends so you might need only to point apt to the sid sources and ask it to download the source and --compile it. I have done this successfully in a woody box and could probably post the compiled packages somewhere if anyone is interested (but cannot compromise to recompile for woody each time a new version is available in sid). This is a known issue (it also affects antivirus) and has been debated at length in debian-devel. You might want to search the archive for more information. Regards Javi msg08040/pgp0.pgp Description: PGP signature
Re: pop mail recommendations
Hi all.

Ted Roby wrote:

> I suggest popa3d from http://www.openwall.com but I'm not sure
> if you can use it in standalone mode.

How about the combination of popa3d with postfix? Does this team up well? I thought of using qpopper, but I'm willing to think that over again if qpopper has major disadvantages compared with popa3d.

Bye, Mike
Re: pop mail recommendations
On Fri, Dec 06, 2002 at 03:31:31AM -0800, Ted Roby wrote:
> On Friday, Dec 6, 2002, at 03:18 US/Pacific, Sven Hoexter wrote:
> >On Fri, Dec 06, 2002 at 12:07:10PM +0100, andres wrote:
> >>apt-get install qpopper
> >>;-)
> >*rotfl* Hope that wasn't a serious answer.
> >apt-cache search pop3
> >
> >I suggest popa3d from http://www.openwall.com but I'm not sure
> >if you can use it in standalone mode.
>
> I like the look of popa3d, but it does not support md5 or ssl
> transport. I know this is trivial protection, but every layer helps.

Well you asked for pop3 not pop3s. For security and pop3s courier might be a good choice but it's quite complex. (IMHO)

> Qpopper does look interesting. Since version 4 it has been released as
> free open source (I'm compiling it now, just to take a look). I have
> experience with Eudora mail products, primarily EIMS running on MacOS,
> so I am familiar with their processes.

On one of my machines I still use qpopper but the security history is a pain. Root exploits, DoS stuff and others ... On the other hand qpopper is easy to set up and fast enough for a small environment but I would definitely not call qpopper secure.

Sven

BTW: qpopper was OpenSource software from the beginning. They just split up a part of it for a commercial product but changed this strategy back to one opensource product for all quite fast.
RE: pop mail recommendations
cucipop

-----Original Message-----
From: DEFFONTAINES Vincent [mailto:[EMAIL PROTECTED]]
Sent: 06 December 2002 01:29
To: [EMAIL PROTECTED]
Subject: RE: pop mail recommendations

I personally used courier-pop which did good, but never did I compare it with others.

> -----Original Message-----
> From: Ted Roby [mailto:[EMAIL PROTECTED]]
> Sent: Friday 6 December 2002 11:51
> To: [EMAIL PROTECTED]
> Subject: pop mail recommendations
>
>
> I have set up exim to host my domain's SMTP services.
>
> I am now looking for something to host POP3 on the same Debian potato
> box.
>
> I am asking the security list because that is my primary interest.
> I would like to find something stable, reasonably known to be secure,
> perhaps specifically recommended for debian servers, and can run as a
> stand-alone daemon.
>
> Would any of you care to make a recommendation?
>
>
> ---
> Random fortune:
>
> A long-forgotten loved one will appear soon.
>
> Buy the negatives at any price.
Re: pop mail recommendations
On Friday, Dec 6, 2002, at 03:18 US/Pacific, Sven Hoexter wrote:

> On Fri, Dec 06, 2002 at 12:07:10PM +0100, andres wrote:
>> apt-get install qpopper
>>
>> Ok!
>>
>> ;-)
> *rotfl* Hope that wasn't a serious answer.
> apt-cache search pop3
>
> I suggest popa3d from http://www.openwall.com but I'm not sure
> if you can use it in standalone mode.
>
> Sven

I like the look of popa3d, but it does not support md5 or ssl transport. I know this is trivial protection, but every layer helps.

Qpopper does look interesting. Since version 4 it has been released as free open source (I'm compiling it now, just to take a look). I have experience with Eudora mail products, primarily EIMS running on MacOS, so I am familiar with their processes.

Thanks for the suggestions so far, and please feel free to give more.

---
Random fortune:

Next Friday will not be your lucky day. As a matter of fact, you don't have a lucky day this year.
RE: pop mail recommendations
I personally used courier-pop which did good, but never did I compare it with others.

> -----Original Message-----
> From: Ted Roby [mailto:[EMAIL PROTECTED]]
> Sent: Friday 6 December 2002 11:51
> To: [EMAIL PROTECTED]
> Subject: pop mail recommendations
>
>
> I have set up exim to host my domain's SMTP services.
>
> I am now looking for something to host POP3 on the same Debian potato
> box.
>
> I am asking the security list because that is my primary interest.
> I would like to find something stable, reasonably known to be secure,
> perhaps specifically recommended for debian servers, and can run as a
> stand-alone daemon.
>
> Would any of you care to make a recommendation?
>
>
> ---
> Random fortune:
>
> A long-forgotten loved one will appear soon.
>
> Buy the negatives at any price.
Re: pop mail recommendations
On Fri, Dec 06, 2002 at 12:07:10PM +0100, andres wrote:
> apt-get install qpopper
>
> Ok!
>
> ;-)

*rotfl* Hope that wasn't a serious answer.
apt-cache search pop3

I suggest popa3d from http://www.openwall.com but I'm not sure if you can use it in standalone mode.

Sven

> Ted Roby wrote:
>
> > I have set up exim to host my domain's SMTP services.
> >
> > I am now looking for something to host POP3 on the same Debian potato
> > box.
> >
> > I am asking the security list because that is my primary interest.
> > I would like to find something stable, reasonably known to be secure,
> > perhaps specifically recommended for debian servers, and can run as a
> > stand-alone daemon.
> >
> > Would any of you care to make a recommendation?
Re: pop mail recommendations
apt-get install qpopper

Ok!

;-)

Bye

Ted Roby wrote:

> I have set up exim to host my domain's SMTP services.
>
> I am now looking for something to host POP3 on the same Debian potato
> box.
>
> I am asking the security list because that is my primary interest.
> I would like to find something stable, reasonably known to be secure,
> perhaps specifically recommended for debian servers, and can run as a
> stand-alone daemon.
>
> Would any of you care to make a recommendation?
>
> ---
> Random fortune:
>
> A long-forgotten loved one will appear soon.
>
> Buy the negatives at any price.
pop mail recommendations
I have set up exim to host my domain's SMTP services.

I am now looking for something to host POP3 on the same Debian potato box.

I am asking the security list because that is my primary interest. I would like to find something stable, reasonably known to be secure, perhaps specifically recommended for debian servers, and can run as a stand-alone daemon.

Would any of you care to make a recommendation?

---
Random fortune:

A long-forgotten loved one will appear soon.

Buy the negatives at any price.
NETSTAT: warning, got bogus TCP line
Hi everyone,

not sure if this is a security issue. Sorry if it isn't.

After doing a netstat I got a line 'warning, got bogus TCP line' from a client connecting to apache on a server I am looking after. I've done a search on google without much success. Anyone know what this means?

Thanks in advance and sorry again if this has been posted to the wrong place.

Regards,
Poon