thoughts on running an IMAP-over-SSL server exposed to the Internet?

Zachariah Mully zmully at smartbrief.com
Fri Mar 27 14:17:29 EDT 2009


On Fri, 2009-03-27 at 11:06 -0700, Florin Andrei wrote:

> The thing worrying me at this time is some stupid buffer overflow in the 
> IMAP server code. I have no idea what's the security history of this 
> server, even though I've been using it for quite a while, because it was 
> always in tightly controlled environments. Exposing it to the Internet 
> changes the game.
> 

> In this case, there are only a couple users and I'm one of them, so I'm 
> not worried. (or maybe I should? heh heh)

You've said nothing about the risks of a breach of your system, nor
about what exactly it is you are worried about being comprimised. 

Once you figure out those, you can make an educated decision. Until
then, you're just pissing into the wind.

Z



More information about the Info-cyrus mailing list