On Tue, 27 Nov 2001, .:[Travis]:. wrote: [snip] > I consider IMAP insecure, however, I run Squirrel mail on the same > machine I have the mail server on and while I am running IMAP I simply > firewall it's services so that no one may access it external to the server > and allow Squirrel mail to access IMAP internal (no further > configuration). This allows you to run IMAP and Squirrel mail so that > IMAP isn't going to get exploited... You are left with the plain text > username/password vulnerable combo - yes but this is a general norm > considering other mail protocols.
After the post I tried squirrelmail myself, in exactly the same setup (because the mailserver and webserver are the same machine). If you firewally the imap port (tcp/143) then you are sure that nobody can exploit your imap server. > Yea, SSL for it would be great. I heard about tests with Squirrel > mail and SSL but nothing concrete - this is probably one of the main > problems with it's security. Well .. I run it under SSL, with no problems. The only problem I am encountering is a IMAP related problem: a mailbox with over 5000 messages takes ages to load (system load explodes and imapd taking all processor power). Regards, Johannes -- /===================================\ /====================================\ | Johannes Verelst | Email: [EMAIL PROTECTED] | | Web: http://www.verelst.net | IRC: nl.eu.slashnet.org / Gullie | +===================================/ \====================================+ |"Programming today is a race between software engineers striving to build | |bigger and better idiot-proof programs, and the Universe trying to produce| |bigger and better idiots. So far, the Universe is winning." | \==========================================================================/
