RE: Security of Cyrus IMAPd vs UofW IMAPd ...

2001-03-15 Thread John Hughes
>> privileges. Since all the mailboxes are owned by the Cyrus user, what
>> would be more secure of a system that just does mail delivery would
>> be a hack to sendmail so that once it attaches to port 25 it drops root
>> and runs as the Cyrus user. Show me a hack like that, and Cyrus wins

Re: Security of Cyrus IMAPd vs UofW IMAPd ...

2001-03-15 Thread Ian G Batten
On Wed, 14 Mar 2001, Rob Tanner wrote:
> privileges. Since all the mailboxes are owned by the Cyrus user, what
> would be more secure of a system that just does mail delivery would
> be a hack to sendmail so that once it attaches to port 25 it drops root
> and runs as the Cyrus user. Show m

Re: Security of Cyrus IMAPd vs UofW IMAPd ...

2001-03-15 Thread Amos Gouaux
> On Wed, 14 Mar 2001 08:43:44 -0800,
> Rob Tanner <[EMAIL PROTECTED]> (rt) writes:
rt> (I know a lot of people swear by postfix, but I stick with sendmail
rt> because I know the product and in this world of nasty hackers, using
rt> an unfamiliar MTA is a very scary thought. But does an

Re: Security of Cyrus IMAPd vs UofW IMAPd ...

2001-03-14 Thread Scott Smith
BTW, anyone gotten SASL to do PAM auth on FreeBSD? Not working here, unfortunately. It would be nice, but not a requirement... (whew) I just get generic error when I log in, even if I make /etc/master.passwd and /etc/spwd.db mode 644 as a temporary test. Also, why is it that if I have the CRAM

Re: Security of Cyrus IMAPd vs UofW IMAPd ...

2001-03-14 Thread Scott Smith
oh yeah, there's also cyrus murder (how well does it work now?) Scott On Wed, 14 Mar 2001, Bitt Faulk wrote: > Well, there are two CERT advisories about older versions of UoW: > > >http://search.cert.org/query.html?rq=0&col=certadv&ht=0&qp=&qt=imap&qs=&qc=&pw=100%25&ws=1&la=&qm=0&st=1&nh=25&l

Re: Security of Cyrus IMAPd vs UofW IMAPd ...

2001-03-14 Thread Scott Smith
not that i'm advocating sendmail, but.. you can at least *somewhat* chroot sendmail. Postfix was written by Wietse Venema, who also wrote tcpd and SATAN (with Dan Farmer). Maybe that's not good enough for some people, I guess.. but Postfix is definitely stable and not such an `unknown'. And y

Re: Security of Cyrus IMAPd vs UofW IMAPd ...

2001-03-14 Thread patl
On 14-Mar-01 at 09:00, The Hermit Hacker ([EMAIL PROTECTED]) wrote:
>
> Trying to convince a group that Cyrus is more secure, but my arguments are
> about as lame as can be :(

I assume that you've pointed out that no exploits have ever been reported for Cyrus and that even if an exploit is ever

Re: Security of Cyrus IMAPd vs UofW IMAPd ...

2001-03-14 Thread Werner Reisberger
On Wed, Mar 14, 2001 at 08:43:44AM -0800, Rob Tanner wrote:
> (I know a lot of people swear by postfix, but I stick with sendmail
> because I know the product and in this world of nasty hackers, using an
> unfamiliar MTA is a very scary thought. But does anyone know, can
> postfix be configur

Re: Security of Cyrus IMAPd vs UofW IMAPd ...

2001-03-14 Thread Bitt Faulk
On Wed, 14 Mar 2001, The Hermit Hacker wrote:
>
> Trying to convince a group that Cyrus is more secure, but my arguments are
> about as lame as can be :(
>
> Does anyone have a URL that I can use in my args, that compares them
> better?

Well, there are two CERT advisories about older versions of

Re: Security of Cyrus IMAPd vs UofW IMAPd ...

2001-03-14 Thread John Hughes
Rob Tanner <[EMAIL PROTECTED]> writes:

[ re cyrus vs UW imap security ]

> The big issue, however, is sendmail. And any effort to hack through
> your mail system via your email system (i.e., through port 25) goes
> through sendmail before Cyrus ever sees it, and most of those attacks
> are desi

Re: Security of Cyrus IMAPd vs UofW IMAPd ...

2001-03-14 Thread Rob Tanner
That's a popular conception, but I don't know that it's really true. I believe that Cyrus is a better conceived product in that it abandons the use of individually owned mailspools and maintains its own database (figuratively speaking) and manages access to the individual spools. Cyrus al