[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] Is it safe to run IMAP [was: Command stream end of file errors...]
- Subject: Re: [cobalt-users] Is it safe to run IMAP [was: Command stream end of file errors...]
- From: "Steve Werby" <steve-lists@xxxxxxxxxxxx>
- Date: Fri Apr 27 00:59:03 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
"Brian M. Rahill" <brian@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
> Is there a extra security risk in allowing users to connect to IMAP?
Every additional service you run increases your security risk since it's one
more service that someone could potentially find a security exploit in.
That doesn't mean you should turn IMAP off though. Personally, I prefer it
over POP since I can use procmail to route mail to different folders and I
can easily check my mail from home, work and anywhere in the world with an
internet connection since the email stays on the server until it's deleted.
There have been IMAP exploits in the past, just like there have been for
about every service. Check the version of IMAP you run, then visit
www.sans.org and search for 'IMAP', see if any are mentioned at
http://www.washington.edu/imap/, and search google.com for 'imap exploit'.
If you find anything interesting post to the list.
--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/