On Fri, 06 Dec 2002 04:18:52 +, I wrote:
>I've been running Snort for a month or so now on a Woody box at work,
>and am now wondering whether the Debian Project (or packager) has a
>Plan for providing signature file updates to users of the stable
>distribution.
Well thanks for the answers fol
On Sat, 7 Dec 2002 01:09:59 +0100
Albert Cervera Areny <[EMAIL PROTECTED]> wrote:
> So it isn't really that the hole system runs 8% slower. Sorry for my
> first explanation... Now I think it is an overhead which is afordable
> seeing its benefits.
For your purposes, anyways.
As has been said, thi
On Fri, 06 Dec 2002 04:18:52 +, I wrote:
>I've been running Snort for a month or so now on a Woody box at work,
>and am now wondering whether the Debian Project (or packager) has a
>Plan for providing signature file updates to users of the stable
>distribution.
Well thanks for the answers fol
Sorry, I didn't say it as it really is...
"It shows an 8% overhead on function calls, which should be the upper bound on
the real costs of running programs under this protection system. The overall
overhead of guarded programs varies with how many functions are called that
have character array
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
* Marcus Frings <[EMAIL PROTECTED]> [021207 00:52]:
> Hello,
>
> I just migrated from leafnode to inn + suck on my Debian Woody box.
> After installing suck I think I have discovered a possible security
> violation. /etc/suck/get-news.conf is installe
Hello,
I just migrated from leafnode to inn + suck on my Debian Woody box.
After installing suck I think I have discovered a possible security
violation. /etc/suck/get-news.conf is installed as root:root with
default file permissions 644. This means that $WORLD can read passwords
from this file wh
On Sat, 7 Dec 2002 01:09:59 +0100
Albert Cervera Areny <[EMAIL PROTECTED]> wrote:
> So it isn't really that the hole system runs 8% slower. Sorry for my
> first explanation... Now I think it is an overhead which is afordable
> seeing its benefits.
For your purposes, anyways.
As has been said, thi
Ted Roby wrote:
On Friday, Dec 6, 2002, at 04:48 US/Pacific, Jeff AA wrote:
Second the recommendation for courier.
Remember that pop3 by default is insecure in that user/passwords
pass in the clear over the net - DON'T make your mail users real users
with shell access or you are opening a l
Sorry, I didn't say it as it really is...
"It shows an 8% overhead on function calls, which should be the upper bound on
the real costs of running programs under this protection system. The overall
overhead of guarded programs varies with how many functions are called that
have character array
8% is a huge hit, by all means a module or an option, however I question its
need as "standard". I would not want it there unless Im convinced it truely
offers protection from a quantifiable risk. I dont want to see the kernel go
the way of MS's kernel ,one huge bloated mess.
Lets see some pape
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
* Marcus Frings <[EMAIL PROTECTED]> [021207 00:52]:
> Hello,
>
> I just migrated from leafnode to inn + suck on my Debian Woody box.
> After installing suck I think I have discovered a possible security
> violation. /etc/suck/get-news.conf is installe
Hello,
I just migrated from leafnode to inn + suck on my Debian Woody box.
After installing suck I think I have discovered a possible security
violation. /etc/suck/get-news.conf is installed as root:root with
default file permissions 644. This means that $WORLD can read passwords
from this file wh
I've read in slashdot
(http://bsd.slashdot.org/article.pl?sid=02/12/02/2035207) that openbsd has
included stack-smashing protection using the ProPolice
(http://www.trl.ibm.com/projects/security/ssp/) patch for GCC 3.2
I think it would be a great idea to use this patch with debian too as soon as
On Friday, Dec 6, 2002, at 04:48 US/Pacific, Jeff AA wrote:
Second the recommendation for courier.
Remember that pop3 by default is insecure in that user/passwords
pass in the clear over the net - DON'T make your mail users real users
with shell access or you are opening a large number of doo
Ted Roby wrote:
On Friday, Dec 6, 2002, at 04:48 US/Pacific, Jeff AA wrote:
Second the recommendation for courier.
Remember that pop3 by default is insecure in that user/passwords
pass in the clear over the net - DON'T make your mail users real users
with shell access or you are opening a la
8% is a huge hit, by all means a module or an option, however I question its
need as "standard". I would not want it there unless Im convinced it truely
offers protection from a quantifiable risk. I dont want to see the kernel go
the way of MS's kernel ,one huge bloated mess.
Lets see some pape
On Thu, Dec 05, 2002 at 11:55:02PM -0500, Noah L. Meyerhans wrote:
> This has been discussed before. The thing is, I think that if you're
> serious about using snort, you should not even consider using the one in
> Debian. snort.org doesn't even distribute up-to-date rules files for
> the versio
Jeff AA wrote:
Second the recommendation for courier.
We have exim / courier [pop imap pops imaps] using maildir formats
and controlled from mysql for virtual users accepting mail for about
20 domains.
We did compare with Cyrus, but that fell down on integration with
exim.
This is the list dp
I've read in slashdot
(http://bsd.slashdot.org/article.pl?sid=02/12/02/2035207) that openbsd has
included stack-smashing protection using the ProPolice
(http://www.trl.ibm.com/projects/security/ssp/) patch for GCC 3.2
I think it would be a great idea to use this patch with debian too as soon as
On Friday, Dec 6, 2002, at 04:48 US/Pacific, Jeff AA wrote:
Second the recommendation for courier.
Remember that pop3 by default is insecure in that user/passwords
pass in the clear over the net - DON'T make your mail users real users
with shell access or you are opening a large number of door
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Content-Type: text/plain; charset=us-ascii
In message <[EMAIL PROTECTED]>, Sven Hoexter writes:
>On Fri, Dec 06, 2002 at 12:07:10PM +0100, andres wrote:
>> apt-get install qpopper
>>
>> Ok!
>>
>> ;-)
>*rotfl* Hope that wasn't a serious answer.
>apt-
On Thu, Dec 05, 2002 at 11:55:02PM -0500, Noah L. Meyerhans wrote:
> This has been discussed before. The thing is, I think that if you're
> serious about using snort, you should not even consider using the one in
> Debian. snort.org doesn't even distribute up-to-date rules files for
> the versio
Jeff AA wrote:
Second the recommendation for courier.
We have exim / courier [pop imap pops imaps] using maildir formats
and controlled from mysql for virtual users accepting mail for about
20 domains.
We did compare with Cyrus, but that fell down on integration with
exim.
This is the list dpk
On Fri, Dec 06, 2002 at 04:35:04PM +0100, Christian Storch wrote:
> Look at brand new
> http://packages.debian.org/unstable/mail/cyrus21-imapd.html
>
> ssl included!
Cyrus definitely rocks, but it can't be described as lightweight in any
sense of the word. It's very powerful, and would be my fir
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Content-Type: text/plain; charset=us-ascii
In message <[EMAIL PROTECTED]>, Sven Hoexter writes:
>On Fri, Dec 06, 2002 at 12:07:10PM +0100, andres wrote:
>> apt-get install qpopper
>>
>> Ok!
>>
>> ;-)
>*rotfl* Hope that wasn't a serious answer.
>apt-
Look at brand new
http://packages.debian.org/unstable/mail/cyrus21-imapd.html
ssl included!
Christian
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, December 06, 2002 4:12 PM
To: debian-security@lists.debian.org
Subject: Re: pop mail recommendations
.
On Fri, Dec 06, 2002 at 10:12:22AM -0500, [EMAIL PROTECTED] wrote:
> In article <[EMAIL PROTECTED]> you wrote:
>
> > On Friday, Dec 6, 2002, at 03:18 US/Pacific, Sven Hoexter wrote:
>
> >> I suggest popa3d from http://www.openwall.com but I'm not sure
> >> if you can use it in standalone mode.
>
In article <[EMAIL PROTECTED]> you wrote:
> On Friday, Dec 6, 2002, at 03:18 US/Pacific, Sven Hoexter wrote:
>> I suggest popa3d from http://www.openwall.com but I'm not sure
>> if you can use it in standalone mode.
> I like the look of popa3d, but it does not support md5 or ssl
> transport. I
On Fri, Dec 06, 2002 at 04:35:04PM +0100, Christian Storch wrote:
> Look at brand new
> http://packages.debian.org/unstable/mail/cyrus21-imapd.html
>
> ssl included!
Cyrus definitely rocks, but it can't be described as lightweight in any
sense of the word. It's very powerful, and would be my fir
A little HTTPS PHP web page lets users change passwords, enter a
vacation message or set up personal exim filters.
We don't allow remote pop3 or imap - all is SSL wrapped. We run
SquirrelMail through https for users who want a web client.
The nicest thing IMO though, is that we only allow relay f
On Fri, Dec 06, 2002 at 04:18:52AM +, Nick Boyce wrote:
> I searched the debian-security archive but didn't hit any items
> discussing this, so maybe it's a dumb question - sorry, I'm a newb
> here.
>
> Thanks for _any_ comments at all.
Well, the version I am running at this time is "Version
Why it did 'fell down .. with exim'?
With a little bit more expense as usual
cyrus 2.0.16 worked very fine with sendmail 8.12.2!
regards,
Christian
-Original Message-
From: Jeff AA [mailto:[EMAIL PROTECTED]
Sent: Friday, December 06, 2002 1:48 PM
To: debian-security@lists.debian.org
Subj
Look at brand new
http://packages.debian.org/unstable/mail/cyrus21-imapd.html
ssl included!
Christian
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 06, 2002 4:12 PM
To: [EMAIL PROTECTED]
Subject: Re: pop mail recommendations
...
I'd suggest
On Fri, 06 Dec 2002 at 12:48:19PM -, Jeff AA wrote:
> We have exim / courier [pop imap pops imaps] using maildir formats
> and controlled from mysql for virtual users accepting mail for about
> 20 domains.
How do you handle virtual user password changes with this setup? Can
the users change t
On Fri, Dec 06, 2002 at 10:12:22AM -0500, [EMAIL PROTECTED] wrote:
> In article <[EMAIL PROTECTED]> you wrote:
>
> > On Friday, Dec 6, 2002, at 03:18 US/Pacific, Sven Hoexter wrote:
>
> >> I suggest popa3d from http://www.openwall.com but I'm not sure
> >> if you can use it in standalone mode.
>
In article <[EMAIL PROTECTED]> you wrote:
> On Friday, Dec 6, 2002, at 03:18 US/Pacific, Sven Hoexter wrote:
>> I suggest popa3d from http://www.openwall.com but I'm not sure
>> if you can use it in standalone mode.
> I like the look of popa3d, but it does not support md5 or ssl
> transport. I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ted Roby wrote:
| I have setup exim to host my domain's SMTP services.
|
| Would any of you care to make a recommendation?
I personally like teapop. It is very fast and stable. Furthermore it
supports authenticating users against postgresql or mysql
Second the recommendation for courier.
We have exim / courier [pop imap pops imaps] using maildir formats
and controlled from mysql for virtual users accepting mail for about
20 domains.
We did compare with Cyrus, but that fell down on integration with
exim.
This is the list dpkg -l *courier* |
A little HTTPS PHP web page lets users change passwords, enter a
vacation message or set up personal exim filters.
We don't allow remote pop3 or imap - all is SSL wrapped. We run
SquirrelMail through https for users who want a web client.
The nicest thing IMO though, is that we only allow relay f
On Fri, Dec 06, 2002 at 04:18:52AM +, Nick Boyce wrote:
>
> If so, are there any special steps required to integrate such a
> download into our Debian Woody system ?
Yes. See below.
>
> Alternatively, I note there are later signature packages in testing
> and unstable - can we use th
On Fri, Dec 06, 2002 at 04:18:52AM +, Nick Boyce wrote:
> I searched the debian-security archive but didn't hit any items
> discussing this, so maybe it's a dumb question - sorry, I'm a newb
> here.
>
> Thanks for _any_ comments at all.
Well, the version I am running at this time is "Version
Why it did 'fell down .. with exim'?
With a little bit more expense as usual
cyrus 2.0.16 worked very fine with sendmail 8.12.2!
regards,
Christian
-Original Message-
From: Jeff AA [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 06, 2002 1:48 PM
To: [EMAIL PROTECTED]
Subject: RE: pop m
Hi all.
Ted Roby wrote:
I suggest popa3d from http://www.openwall.com but I'm not sure
if you can use it in standalone mode.
How about the combination of popa3d with postfix? Does this team up
well? I thought of using qpopper, but I'm willing to think that over
again if qpopper has major dis
On Fri, Dec 06, 2002 at 03:31:31AM -0800, Ted Roby wrote:
> On Friday, Dec 6, 2002, at 03:18 US/Pacific, Sven Hoexter wrote:
> >On Fri, Dec 06, 2002 at 12:07:10PM +0100, andres wrote:
> >>apt-get install qpopper
> >>;-)
> >*rotfl* Hope that wasn't a serious answer.
> >apt-cache search pop3
> >
> >I
cucipop
-Original Message-
From: DEFFONTAINES Vincent [mailto:[EMAIL PROTECTED]
Sent: 06 December 2002 01:29
To: debian-security@lists.debian.org
Subject: RE: pop mail recommendations
I personnally used courrier-pop which did good, but never did I compare it
with others.
> -Origina
On Fri, 06 Dec 2002 at 12:48:19PM -, Jeff AA wrote:
> We have exim / courier [pop imap pops imaps] using maildir formats
> and controlled from mysql for virtual users accepting mail for about
> 20 domains.
How do you handle virtual user password changes with this setup? Can
the users change t
On Friday, Dec 6, 2002, at 03:18 US/Pacific, Sven Hoexter wrote:
On Fri, Dec 06, 2002 at 12:07:10PM +0100, andres wrote:
apt-get install qpopper
Ok!
;-)
*rotfl* Hope that wasn't a serious answer.
apt-cache search pop3
I suggest popa3d from http://www.openwall.com but I'm not sure
if you ca
I personnally used courrier-pop which did good, but never did I compare it
with others.
> -Original Message-
> From: Ted Roby [mailto:[EMAIL PROTECTED]
> Sent: Friday 6 December 2002 11:51
> To: debian-security@lists.debian.org
> Subject: pop mail recommendations
>
>
> I have setup exim
On Fri, Dec 06, 2002 at 12:07:10PM +0100, andres wrote:
> apt-get install qpopper
>
> Ok!
>
> ;-)
*rotfl* Hope that wasn't a serious answer.
apt-cache search pop3
I suggest popa3d from http://www.openwall.com but I'm not sure
if you can use it in standalone mode.
Sven
> Ted Roby ha escrito:
>
apt-get install qpopper
Ok!
;-)
Bye
Ted Roby ha escrito:
> I have setup exim to host my domain's SMTP services.
>
> I am now looking for something to host POP3 on the same Debian potato
> box.
>
> I am asking the security list because that is my primary interest.
> I would like to find somethi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ted Roby wrote:
| I have setup exim to host my domain's SMTP services.
|
| Would any of you care to make a recommendation?
I personally like teapop. It is very fast and stable. Furthermore it
supports authenticating users against postgresql or mysql t
I have setup exim to host my domain's SMTP services.
I am now looking for something to host POP3 on the same Debian potato
box.
I am asking the security list because that is my primary interest.
I would like to find something stable, reasonably known to be secure,
perhaps specifically recomme
Second the recommendation for courier.
We have exim / courier [pop imap pops imaps] using maildir formats
and controlled from mysql for virtual users accepting mail for about
20 domains.
We did compare with Cyrus, but that fell down on integration with
exim.
This is the list dpkg -l *courier* |
On Fri, Dec 06, 2002 at 04:18:52AM +, Nick Boyce wrote:
>
> If so, are there any special steps required to integrate such a
> download into our Debian Woody system ?
Yes. See below.
>
> Alternatively, I note there are later signature packages in testing
> and unstable - can we use th
Hi all.
Ted Roby wrote:
I suggest popa3d from http://www.openwall.com but I'm not sure
if you can use it in standalone mode.
How about the combination of popa3d with postfix? Does this team up
well? I thought of using qpopper, but I'm willing to think that over
again if qpopper has major disa
On Fri, Dec 06, 2002 at 03:31:31AM -0800, Ted Roby wrote:
> On Friday, Dec 6, 2002, at 03:18 US/Pacific, Sven Hoexter wrote:
> >On Fri, Dec 06, 2002 at 12:07:10PM +0100, andres wrote:
> >>apt-get install qpopper
> >>;-)
> >*rotfl* Hope that wasn't a serious answer.
> >apt-cache search pop3
> >
> >I
cucipop
-Original Message-
From: DEFFONTAINES Vincent [mailto:[EMAIL PROTECTED]]
Sent: 06 December 2002 01:29
To: [EMAIL PROTECTED]
Subject: RE: pop mail recommendations
I personnally used courrier-pop which did good, but never did I compare it
with others.
> -Original Message-
On Friday, Dec 6, 2002, at 03:18 US/Pacific, Sven Hoexter wrote:
On Fri, Dec 06, 2002 at 12:07:10PM +0100, andres wrote:
apt-get install qpopper
Ok!
;-)
*rotfl* Hope that wasn't a serious answer.
apt-cache search pop3
I suggest popa3d from http://www.openwall.com but I'm not sure
if you can
I personnally used courrier-pop which did good, but never did I compare it
with others.
> -Original Message-
> From: Ted Roby [mailto:[EMAIL PROTECTED]]
> Sent: Friday 6 December 2002 11:51
> To: [EMAIL PROTECTED]
> Subject: pop mail recommendations
>
>
> I have setup exim to host my do
On Fri, Dec 06, 2002 at 12:07:10PM +0100, andres wrote:
> apt-get install qpopper
>
> Ok!
>
> ;-)
*rotfl* Hope that wasn't a serious answer.
apt-cache search pop3
I suggest popa3d from http://www.openwall.com but I'm not sure
if you can use it in standalone mode.
Sven
> Ted Roby ha escrito:
>
apt-get install qpopper
Ok!
;-)
Bye
Ted Roby ha escrito:
> I have setup exim to host my domain's SMTP services.
>
> I am now looking for something to host POP3 on the same Debian potato
> box.
>
> I am asking the security list because that is my primary interest.
> I would like to find somethi
I have setup exim to host my domain's SMTP services.
I am now looking for something to host POP3 on the same Debian potato
box.
I am asking the security list because that is my primary interest.
I would like to find something stable, reasonably known to be secure,
perhaps specifically recommend
unsubscribe
Hi everyone,
not sure if this is a security issue. Sorry if it
isnt. After doing a netstat I got a line 'warning, got
bogus TCP line' from a client connecting to apache on
a server I am looking after. Ive done a search on
google without much success. Anyone know what this
means?
Thanks in advance
64 matches
Mail list logo