-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 192-2 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
December 6th, 2002
apt-get install qpopper
Ok!
;-)
Bye
Ted Roby ha escrito:
I have setup exim to host my domain's SMTP services.
I am now looking for something to host POP3 on the same Debian potato
box.
I am asking the security list because that is my primary interest.
I would like to find something
On Fri, Dec 06, 2002 at 12:07:10PM +0100, andres wrote:
apt-get install qpopper
Ok!
;-)
*rotfl* Hope that wasn't a serious answer.
apt-cache search pop3
I suggest popa3d from http://www.openwall.com but I'm not sure
if you can use it in standalone mode.
Sven
Ted Roby ha escrito:
I
I personnally used courrier-pop which did good, but never did I compare it
with others.
-Original Message-
From: Ted Roby [mailto:[EMAIL PROTECTED]]
Sent: Friday 6 December 2002 11:51
To: [EMAIL PROTECTED]
Subject: pop mail recommendations
I have setup exim to host my domain's
cucipop
-Original Message-
From: DEFFONTAINES Vincent [mailto:[EMAIL PROTECTED]]
Sent: 06 December 2002 01:29
To: [EMAIL PROTECTED]
Subject: RE: pop mail recommendations
I personnally used courrier-pop which did good, but never did I compare it
with others.
-Original Message-
On Fri, Dec 06, 2002 at 03:31:31AM -0800, Ted Roby wrote:
On Friday, Dec 6, 2002, at 03:18 US/Pacific, Sven Hoexter wrote:
On Fri, Dec 06, 2002 at 12:07:10PM +0100, andres wrote:
apt-get install qpopper
;-)
*rotfl* Hope that wasn't a serious answer.
apt-cache search pop3
I suggest popa3d
Hi all.
Ted Roby wrote:
I suggest popa3d from http://www.openwall.com but I'm not sure
if you can use it in standalone mode.
How about the combination of popa3d with postfix? Does this team up
well? I thought of using qpopper, but I'm willing to think that over
again if qpopper has major
On Fri, Dec 06, 2002 at 04:18:52AM +, Nick Boyce wrote:
If so, are there any special steps required to integrate such a
download into our Debian Woody system ?
Yes. See below.
Alternatively, I note there are later signature packages in testing
and unstable - can we use those
Second the recommendation for courier.
We have exim / courier [pop imap pops imaps] using maildir formats
and controlled from mysql for virtual users accepting mail for about
20 domains.
We did compare with Cyrus, but that fell down on integration with
exim.
This is the list dpkg -l *courier* |
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ted Roby wrote:
| I have setup exim to host my domain's SMTP services.
|
| Would any of you care to make a recommendation?
I personally like teapop. It is very fast and stable. Furthermore it
supports authenticating users against postgresql or mysql
On Fri, 06 Dec 2002 at 12:48:19PM -, Jeff AA wrote:
We have exim / courier [pop imap pops imaps] using maildir formats
and controlled from mysql for virtual users accepting mail for about
20 domains.
How do you handle virtual user password changes with this setup? Can
the users change
Why it did 'fell down .. with exim'?
With a little bit more expense as usual
cyrus 2.0.16 worked very fine with sendmail 8.12.2!
regards,
Christian
-Original Message-
From: Jeff AA [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 06, 2002 1:48 PM
To: [EMAIL PROTECTED]
Subject: RE: pop
On Fri, Dec 06, 2002 at 04:18:52AM +, Nick Boyce wrote:
I searched the debian-security archive but didn't hit any items
discussing this, so maybe it's a dumb question - sorry, I'm a newb
here.
Thanks for _any_ comments at all.
Well, the version I am running at this time is Version 1.9.0
A little HTTPS PHP web page lets users change passwords, enter a
vacation message or set up personal exim filters.
We don't allow remote pop3 or imap - all is SSL wrapped. We run
SquirrelMail through https for users who want a web client.
The nicest thing IMO though, is that we only allow relay
In article [EMAIL PROTECTED] you wrote:
On Friday, Dec 6, 2002, at 03:18 US/Pacific, Sven Hoexter wrote:
I suggest popa3d from http://www.openwall.com but I'm not sure
if you can use it in standalone mode.
I like the look of popa3d, but it does not support md5 or ssl
transport. I know
On Fri, Dec 06, 2002 at 10:12:22AM -0500, [EMAIL PROTECTED] wrote:
In article [EMAIL PROTECTED] you wrote:
On Friday, Dec 6, 2002, at 03:18 US/Pacific, Sven Hoexter wrote:
I suggest popa3d from http://www.openwall.com but I'm not sure
if you can use it in standalone mode.
I like the
Look at brand new
http://packages.debian.org/unstable/mail/cyrus21-imapd.html
ssl included!
Christian
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 06, 2002 4:12 PM
To: [EMAIL PROTECTED]
Subject: Re: pop mail recommendations
...
I'd
On Fri, Dec 06, 2002 at 04:35:04PM +0100, Christian Storch wrote:
Look at brand new
http://packages.debian.org/unstable/mail/cyrus21-imapd.html
ssl included!
Cyrus definitely rocks, but it can't be described as lightweight in any
sense of the word. It's very powerful, and would be my first
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Content-Type: text/plain; charset=us-ascii
In message [EMAIL PROTECTED], Sven Hoexter writes:
On Fri, Dec 06, 2002 at 12:07:10PM +0100, andres wrote:
apt-get install qpopper
Ok!
;-)
*rotfl* Hope that wasn't a serious answer.
apt-cache search
On Thu, Dec 05, 2002 at 11:55:02PM -0500, Noah L. Meyerhans wrote:
This has been discussed before. The thing is, I think that if you're
serious about using snort, you should not even consider using the one in
Debian. snort.org doesn't even distribute up-to-date rules files for
the version
On Friday, Dec 6, 2002, at 04:48 US/Pacific, Jeff AA wrote:
Second the recommendation for courier.
Remember that pop3 by default is insecure in that user/passwords
pass in the clear over the net - DON'T make your mail users real users
with shell access or you are opening a large number of
I've read in slashdot
(http://bsd.slashdot.org/article.pl?sid=02/12/02/2035207) that openbsd has
included stack-smashing protection using the ProPolice
(http://www.trl.ibm.com/projects/security/ssp/) patch for GCC 3.2
I think it would be a great idea to use this patch with debian too as soon
8% is a huge hit, by all means a module or an option, however I question its
need as standard. I would not want it there unless Im convinced it truely
offers protection from a quantifiable risk. I dont want to see the kernel go
the way of MS's kernel ,one huge bloated mess.
Lets see some
Ted Roby wrote:
On Friday, Dec 6, 2002, at 04:48 US/Pacific, Jeff AA wrote:
Second the recommendation for courier.
Remember that pop3 by default is insecure in that user/passwords
pass in the clear over the net - DON'T make your mail users real users
with shell access or you are opening a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
* Marcus Frings [EMAIL PROTECTED] [021207 00:52]:
Hello,
I just migrated from leafnode to inn + suck on my Debian Woody box.
After installing suck I think I have discovered a possible security
violation. /etc/suck/get-news.conf is installed as
Sorry, I didn't say it as it really is...
It shows an 8% overhead on function calls, which should be the upper bound on
the real costs of running programs under this protection system. The overall
overhead of guarded programs varies with how many functions are called that
have character
On Fri, 06 Dec 2002 04:18:52 +, I wrote:
I've been running Snort for a month or so now on a Woody box at work,
and am now wondering whether the Debian Project (or packager) has a
Plan for providing signature file updates to users of the stable
distribution.
Well thanks for the answers folks
Hi everyone,
not sure if this is a security issue. Sorry if it
isnt. After doing a netstat I got a line 'warning, got
bogus TCP line' from a client connecting to apache on
a server I am looking after. Ive done a search on
google without much success. Anyone know what this
means?
Thanks in
unsubscribe
I have setup exim to host my domain's SMTP services.
I am now looking for something to host POP3 on the same Debian potato
box.
I am asking the security list because that is my primary interest.
I would like to find something stable, reasonably known to be secure,
perhaps specifically
apt-get install qpopper
Ok!
;-)
Bye
Ted Roby ha escrito:
I have setup exim to host my domain's SMTP services.
I am now looking for something to host POP3 on the same Debian potato
box.
I am asking the security list because that is my primary interest.
I would like to find something
On Fri, Dec 06, 2002 at 12:07:10PM +0100, andres wrote:
apt-get install qpopper
Ok!
;-)
*rotfl* Hope that wasn't a serious answer.
apt-cache search pop3
I suggest popa3d from http://www.openwall.com but I'm not sure
if you can use it in standalone mode.
Sven
Ted Roby ha escrito:
I
I personnally used courrier-pop which did good, but never did I compare it
with others.
-Original Message-
From: Ted Roby [mailto:[EMAIL PROTECTED]
Sent: Friday 6 December 2002 11:51
To: debian-security@lists.debian.org
Subject: pop mail recommendations
I have setup exim to
On Friday, Dec 6, 2002, at 03:18 US/Pacific, Sven Hoexter wrote:
On Fri, Dec 06, 2002 at 12:07:10PM +0100, andres wrote:
apt-get install qpopper
Ok!
;-)
*rotfl* Hope that wasn't a serious answer.
apt-cache search pop3
I suggest popa3d from http://www.openwall.com but I'm not sure
if you
cucipop
-Original Message-
From: DEFFONTAINES Vincent [mailto:[EMAIL PROTECTED]
Sent: 06 December 2002 01:29
To: debian-security@lists.debian.org
Subject: RE: pop mail recommendations
I personnally used courrier-pop which did good, but never did I compare it
with others.
On Fri, Dec 06, 2002 at 03:31:31AM -0800, Ted Roby wrote:
On Friday, Dec 6, 2002, at 03:18 US/Pacific, Sven Hoexter wrote:
On Fri, Dec 06, 2002 at 12:07:10PM +0100, andres wrote:
apt-get install qpopper
;-)
*rotfl* Hope that wasn't a serious answer.
apt-cache search pop3
I suggest popa3d
Hi all.
Ted Roby wrote:
I suggest popa3d from http://www.openwall.com but I'm not sure
if you can use it in standalone mode.
How about the combination of popa3d with postfix? Does this team up
well? I thought of using qpopper, but I'm willing to think that over
again if qpopper has major
On Fri, Dec 06, 2002 at 04:18:52AM +, Nick Boyce wrote:
If so, are there any special steps required to integrate such a
download into our Debian Woody system ?
Yes. See below.
Alternatively, I note there are later signature packages in testing
and unstable - can we use those
Second the recommendation for courier.
We have exim / courier [pop imap pops imaps] using maildir formats
and controlled from mysql for virtual users accepting mail for about
20 domains.
We did compare with Cyrus, but that fell down on integration with
exim.
This is the list dpkg -l *courier* |
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ted Roby wrote:
| I have setup exim to host my domain's SMTP services.
|
| Would any of you care to make a recommendation?
I personally like teapop. It is very fast and stable. Furthermore it
supports authenticating users against postgresql or mysql
On Fri, 06 Dec 2002 at 12:48:19PM -, Jeff AA wrote:
We have exim / courier [pop imap pops imaps] using maildir formats
and controlled from mysql for virtual users accepting mail for about
20 domains.
How do you handle virtual user password changes with this setup? Can
the users change
A little HTTPS PHP web page lets users change passwords, enter a
vacation message or set up personal exim filters.
We don't allow remote pop3 or imap - all is SSL wrapped. We run
SquirrelMail through https for users who want a web client.
The nicest thing IMO though, is that we only allow relay
In article [EMAIL PROTECTED] you wrote:
On Friday, Dec 6, 2002, at 03:18 US/Pacific, Sven Hoexter wrote:
I suggest popa3d from http://www.openwall.com but I'm not sure
if you can use it in standalone mode.
I like the look of popa3d, but it does not support md5 or ssl
transport. I know
On Fri, Dec 06, 2002 at 10:12:22AM -0500, [EMAIL PROTECTED] wrote:
In article [EMAIL PROTECTED] you wrote:
On Friday, Dec 6, 2002, at 03:18 US/Pacific, Sven Hoexter wrote:
I suggest popa3d from http://www.openwall.com but I'm not sure
if you can use it in standalone mode.
I like the
Look at brand new
http://packages.debian.org/unstable/mail/cyrus21-imapd.html
ssl included!
Christian
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, December 06, 2002 4:12 PM
To: debian-security@lists.debian.org
Subject: Re: pop mail recommendations
On Fri, Dec 06, 2002 at 04:35:04PM +0100, Christian Storch wrote:
Look at brand new
http://packages.debian.org/unstable/mail/cyrus21-imapd.html
ssl included!
Cyrus definitely rocks, but it can't be described as lightweight in any
sense of the word. It's very powerful, and would be my first
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Content-Type: text/plain; charset=us-ascii
In message [EMAIL PROTECTED], Sven Hoexter writes:
On Fri, Dec 06, 2002 at 12:07:10PM +0100, andres wrote:
apt-get install qpopper
Ok!
;-)
*rotfl* Hope that wasn't a serious answer.
apt-cache search
Jeff AA wrote:
Second the recommendation for courier.
We have exim / courier [pop imap pops imaps] using maildir formats
and controlled from mysql for virtual users accepting mail for about
20 domains.
We did compare with Cyrus, but that fell down on integration with
exim.
This is the list
On Thu, Dec 05, 2002 at 11:55:02PM -0500, Noah L. Meyerhans wrote:
This has been discussed before. The thing is, I think that if you're
serious about using snort, you should not even consider using the one in
Debian. snort.org doesn't even distribute up-to-date rules files for
the version
On Friday, Dec 6, 2002, at 04:48 US/Pacific, Jeff AA wrote:
Second the recommendation for courier.
Remember that pop3 by default is insecure in that user/passwords
pass in the clear over the net - DON'T make your mail users real users
with shell access or you are opening a large number of
I've read in slashdot
(http://bsd.slashdot.org/article.pl?sid=02/12/02/2035207) that openbsd has
included stack-smashing protection using the ProPolice
(http://www.trl.ibm.com/projects/security/ssp/) patch for GCC 3.2
I think it would be a great idea to use this patch with debian too as soon
8% is a huge hit, by all means a module or an option, however I question its
need as standard. I would not want it there unless Im convinced it truely
offers protection from a quantifiable risk. I dont want to see the kernel go
the way of MS's kernel ,one huge bloated mess.
Lets see some
Ted Roby wrote:
On Friday, Dec 6, 2002, at 04:48 US/Pacific, Jeff AA wrote:
Second the recommendation for courier.
Remember that pop3 by default is insecure in that user/passwords
pass in the clear over the net - DON'T make your mail users real users
with shell access or you are opening a
Hello,
I just migrated from leafnode to inn + suck on my Debian Woody box.
After installing suck I think I have discovered a possible security
violation. /etc/suck/get-news.conf is installed as root:root with
default file permissions 644. This means that $WORLD can read passwords
from this file
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
* Marcus Frings [EMAIL PROTECTED] [021207 00:52]:
Hello,
I just migrated from leafnode to inn + suck on my Debian Woody box.
After installing suck I think I have discovered a possible security
violation. /etc/suck/get-news.conf is installed as
Sorry, I didn't say it as it really is...
It shows an 8% overhead on function calls, which should be the upper bound on
the real costs of running programs under this protection system. The overall
overhead of guarded programs varies with how many functions are called that
have character
On Fri, 06 Dec 2002 04:18:52 +, I wrote:
I've been running Snort for a month or so now on a Woody box at work,
and am now wondering whether the Debian Project (or packager) has a
Plan for providing signature file updates to users of the stable
distribution.
Well thanks for the answers folks
57 matches
Mail list logo