thoughts on running an IMAP-over-SSL server exposed to the Internet?

Wesley Craig wes at
Fri Mar 27 19:34:52 EDT 2009

On 27 Mar 2009, at 14:06, Florin Andrei wrote:
> The thing worrying me at this time is some stupid buffer overflow  
> in the
> IMAP server code. I have no idea what's the security history of this
> server, even though I've been using it for quite a while, because  
> it was
> always in tightly controlled environments. Exposing it to the Internet
> changes the game.

It's a very popular open source IMAP server, typically run exposed to  
the Internet at large.  That certainly far from a guarantee that it's  
bug free, but intruders have had ample opportunity probe the code  
over the years.


More information about the Info-cyrus mailing list