Setting up IMAP on Linux?

Setting up IMAP on Linux?

am 29.05.2007 20:53:03 von Ramon F Herrera

One of the things that have always puzzled me is that Linux comes with
everything plus the kitchen sink, and yet it doesn't include an IMAP
server. It used to come with one that sucked.

Anyway, every time I get a new Linux box, I go to the University of
Washington and get their IMAP server. It seems to be the most decent
out there. (do we agree so far?)

// begin criticism
(1) How come the folks at UofWash have no clue about ./configure and
autoconf? This kind of software gives Linux a bad name and plenty of
ammunition to Wintards.
(2) Their source code is filled with insecure calls, vulnerabilites to
buffer overflow attacks, such as 'gets' and 'tmpnam.' How hard can it
be to fix this?
// end criticism

Anyway, my concern is this:

+ Building in full compliance with RFC 3501 security
+ requirements:
++ TLS/SSL encryption is supported
++ Unencrypted plaintext passwords are prohibited

The documentation says that I have to get OpenSSL. My box is a RHEL4,
I use ssh all the time, so I don't need any extra software for the SSL
encyption. Is this correct?

TIA,

-Ramon

Re: Setting up IMAP on Linux?

am 29.05.2007 21:06:00 von Grant Edwards

On 2007-05-29, Ramon F Herrera wrote:

> One of the things that have always puzzled me is that Linux comes with
> everything plus the kitchen sink, and yet it doesn't include an IMAP
> server. It used to come with one that sucked.

You need to pick a better distro. All of the distros I know of
have several IMAP servers from which to choose. Gentoo has
Cyrus, Courier, and UW. Many distros have more choices (e..g
dovecot).

Personally, I think you're probably just trolling.

--
Grant Edwards grante Yow! Everybody is going
at somewhere!! It's probably
visi.com a garage sale or a disaster
Movie!!

Re: Setting up IMAP on Linux?

am 29.05.2007 21:12:51 von Tim Southerwood

Ramon F Herrera wrote:

> One of the things that have always puzzled me is that Linux comes with
> everything plus the kitchen sink, and yet it doesn't include an IMAP
> server. It used to come with one that sucked.

Eh?

> Anyway, every time I get a new Linux box, I go to the University of
> Washington and get their IMAP server. It seems to be the most decent
> out there. (do we agree so far?)

No, I don't agree. It's a reference implementation (AFAICT) that is OK in
practise, but can be bettered depending on needs.

> // begin criticism
> (1) How come the folks at UofWash have no clue about ./configure and
> autoconf? This kind of software gives Linux a bad name and plenty of
> ammunition to Wintards.

See above.

> (2) Their source code is filled with insecure calls, vulnerabilites to
> buffer overflow attacks, such as 'gets' and 'tmpnam.' How hard can it
> be to fix this?
> // end criticism

I guess Mark Crispin would be happy to take patches. Writing a patch shows
willing. Mark works for a University (obviously) as I used to and much of
this *may* be done as a side project - in as much as he probably gets lots
of day to day work to do too, so his time may be limited. I don't know, but
I'm offering a defence as to why it may not be all that you hoped. At least
he wrote one, released it and it does work and for that he should be
recognised.

> Anyway, my concern is this:
>
> + Building in full compliance with RFC 3501 security
> + requirements:
> ++ TLS/SSL encryption is supported
> ++ Unencrypted plaintext passwords are prohibited
>
> The documentation says that I have to get OpenSSL. My box is a RHEL4,
> I use ssh all the time, so I don't need any extra software for the SSL
> encyption. Is this correct?

You should have no trouble building WU-IMAP on RH-anything.

Anyway, there are several other IMAP servers, the one that would probably
most interest you is Dovecot: www.dovecot.org

It can be dropped in place of WU-IMAP and offers many more features and
active development. It's trivial (ish) to set up.

Cheers

Tim

Re: Setting up IMAP on Linux?

am 29.05.2007 21:16:56 von Ramon F Herrera

On May 29, 2:06 pm, Grant Edwards wrote:
> On 2007-05-29, Ramon F Herrera wrote:
>
> > One of the things that have always puzzled me is that Linux comes with
> > everything plus the kitchen sink, and yet it doesn't include an IMAP
> > server. It used to come with one that sucked.
>
> You need to pick a better distro. All of the distros I know of
> have several IMAP servers from which to choose. Gentoo has
> Cyrus, Courier, and UW. Many distros have more choices (e..g
> dovecot).
>

> Personally, I think you're probably just trolling.

Nope, no trolling here...

I *have* to use one of the enterprise versions, per Oracle mandate,
and I hate the SuSe traitors (I wiped out their distro the day they
announced they are a M$ slave now), so my only choice is RHEL. That
is a given.

I should have said: "How come RH Linux doesn't come with IMAP?". Hope
you're happy now.

Peace,

-Ramon

Re: Setting up IMAP on Linux?

am 29.05.2007 21:39:43 von John-Paul Stewart

Ramon F Herrera wrote:
> One of the things that have always puzzled me is that Linux comes with
> everything plus the kitchen sink, and yet it doesn't include an IMAP
> server. It used to come with one that sucked.

That really surprises me. You've mentioned RHEL4. CentOS and Whitebox
Linux (both free RHEL clones) offer cyrus-imapd pacakges (on CD #3 in
both cases). I'd be quite surprised if it isn't included with RHEL too.

[snip]
> The documentation says that I have to get OpenSSL. My box is a RHEL4,
> I use ssh all the time, so I don't need any extra software for the SSL
> encyption. Is this correct?

That's probably not correct. You've got the OpenSSH client program and
run-time libraries. But to compile something that uses OpenSSL you'll
need the -dev or -devel packages too. On Debian, that would be the
libssl-dev package. There should be a similarly named -devel package in
RHEL.

Re: Setting up IMAP on Linux?

am 29.05.2007 21:46:12 von Michael Heiming

In comp.os.linux.misc Grant Edwards wrote:
> On 2007-05-29, Ramon F Herrera wrote:

>> One of the things that have always puzzled me is that Linux comes with
>> everything plus the kitchen sink, and yet it doesn't include an IMAP
>> server. It used to come with one that sucked.

> You need to pick a better distro. All of the distros I know of

Not at all.

> have several IMAP servers from which to choose. Gentoo has
> Cyrus, Courier, and UW. Many distros have more choices (e..g
> dovecot).

> Personally, I think you're probably just trolling.

Bingo, at least dovecot and cyrus come with RHEL 4. For more
alternatives just grab the excellent rpms from Dag Wieers.

--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo zvpunry@urvzvat.qr | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 100: IRQ dropout

Re: Setting up IMAP on Linux?

am 29.05.2007 21:56:03 von oneal

Ramon F Herrera wrote:
> On May 29, 2:06 pm, Grant Edwards wrote:
>> On 2007-05-29, Ramon F Herrera wrote:
>>
>>> One of the things that have always puzzled me is that Linux comes with
>>> everything plus the kitchen sink, and yet it doesn't include an IMAP
>>> server. It used to come with one that sucked.
>> You need to pick a better distro. All of the distros I know of
>> have several IMAP servers from which to choose. Gentoo has
>> Cyrus, Courier, and UW. Many distros have more choices (e..g
>> dovecot).
>>
>
> > Personally, I think you're probably just trolling.
>
> Nope, no trolling here...
>
> I *have* to use one of the enterprise versions, per Oracle mandate,
> and I hate the SuSe traitors (I wiped out their distro the day they
> announced they are a M$ slave now), so my only choice is RHEL. That
> is a given.
>
> I should have said: "How come RH Linux doesn't come with IMAP?". Hope
> you're happy now.
>
> Peace,
>
> -Ramon

I've moved away from RH, but ES3 came with imap-2002d-9.i386.rpm which
installed the UW POP and IMAP daemons. Are you installing the desktop
or the server version of RH?

Re: Setting up IMAP on Linux?

am 29.05.2007 22:01:23 von Grant Edwards

On 2007-05-29, Michael Heiming wrote:
> In comp.os.linux.misc Grant Edwards wrote:
>> On 2007-05-29, Ramon F Herrera wrote:
>
>>> One of the things that have always puzzled me is that Linux comes with
>>> everything plus the kitchen sink, and yet it doesn't include an IMAP
>>> server. It used to come with one that sucked.
>
>> You need to pick a better distro. All of the distros I know of
>
> Not at all.

I was giving the OP the benefit of the doubt in assuming he was
telling the truth about what was included in his distro.
Apparently I shouldn't have. ;)

>> have several IMAP servers from which to choose. Gentoo has
>> Cyrus, Courier, and UW. Many distros have more choices (e..g
>> dovecot).
>
>> Personally, I think you're probably just trolling.
>
> Bingo, at least dovecot and cyrus come with RHEL 4. For more
> alternatives just grab the excellent rpms from Dag Wieers.

Dovecot always seems to be mentioned in a positive light when I
hear about it, so I'm thinking about giving it a try. I'm
currently using courier-imap, but I find its maildir directory
naming scheme really annoying.

--
Grant Edwards grante Yow! Gibble, Gobble, we
at ACCEPT YOU ...
visi.com

Re: Setting up IMAP on Linux?

am 29.05.2007 22:01:26 von dozzie

Zawarto¶æ nag³ówka ["Followup-To:" comp.os.linux.security.]
On 29.05.2007, Ramon F Herrera wrote:
> One of the things that have always puzzled me is that Linux comes with
> everything plus the kitchen sink, and yet it doesn't include an IMAP
> server. It used to come with one that sucked.
>
> Anyway, every time I get a new Linux box, I go to the University of
> Washington and get their IMAP server. It seems to be the most decent
> out there. (do we agree so far?)

I wouldn't agree. How about Courier-IMAP, Dovecot or Cyrus IMAP? Are
there worse than UW IMAP server?

> // begin criticism
> (1) How come the folks at UofWash have no clue about ./configure and
> autoconf? This kind of software gives Linux a bad name and plenty of
> ammunition to Wintards.

Maybe they don't like autotools? What kind of accusations do you have
against their current build system? And why won't you use binary
packages, as any good admin would do?

> (2) Their source code is filled with insecure calls, vulnerabilites to
> buffer overflow attacks, such as 'gets' and 'tmpnam.' How hard can it
> be to fix this?

I don't know, but their software (wu-ftpd) used to have some bugs.

--
Secunia non olet.
Stanislaw Klekot

Re: Setting up IMAP on Linux?

am 29.05.2007 22:05:20 von dozzie

Zawarto¶æ nag³ówka ["Followup-To:" comp.os.linux.security.]
On 29.05.2007, John-Paul Stewart wrote:
> Ramon F Herrera wrote:
>> One of the things that have always puzzled me is that Linux comes with
>> everything plus the kitchen sink, and yet it doesn't include an IMAP
>> server. It used to come with one that sucked.
>
> That really surprises me. You've mentioned RHEL4. CentOS and Whitebox
> Linux (both free RHEL clones) offer cyrus-imapd pacakges (on CD #3 in
> both cases). I'd be quite surprised if it isn't included with RHEL too.

Cyrus IMAP is *not* an UW IMAP server. Cyrus IMAP isn't even hosted on
University of Washington.

--
Secunia non olet.
Stanislaw Klekot

Re: Setting up IMAP on Linux?

am 29.05.2007 22:21:04 von Ramon F Herrera

On May 29, 2:56 pm, Douglas O'Neal wrote:
> Ramon F Herrera wrote:
> > On May 29, 2:06 pm, Grant Edwards wrote:
> >> On 2007-05-29, Ramon F Herrera wrote:
>
> >>> One of the things that have always puzzled me is that Linux comes with
> >>> everything plus the kitchen sink, and yet it doesn't include an IMAP
> >>> server. It used to come with one that sucked.
> >> You need to pick a better distro. All of the distros I know of
> >> have several IMAP servers from which to choose. Gentoo has
> >> Cyrus, Courier, and UW. Many distros have more choices (e..g
> >> dovecot).
>
> > > Personally, I think you're probably just trolling.
>
> > Nope, no trolling here...
>
> > I *have* to use one of the enterprise versions, per Oracle mandate,
> > and I hate the SuSe traitors (I wiped out their distro the day they
> > announced they are a M$ slave now), so my only choice is RHEL. That
> > is a given.
>
> > I should have said: "How come RH Linux doesn't come with IMAP?". Hope
> > you're happy now.
>
> > Peace,
>
> > -Ramon
>
> I've moved away from RH, but ES3 came with imap-2002d-9.i386.rpm which
> installed the UW POP and IMAP daemons. Are you installing the desktop
> or the server version of RH?

Server. I don't work with desktops at all.

-Ramon

Re: Setting up IMAP on Linux?

am 29.05.2007 22:43:24 von Ramon F Herrera

On May 29, 2:56 pm, Douglas O'Neal wrote:
> Ramon F Herrera wrote:
> > On May 29, 2:06 pm, Grant Edwards wrote:
> >> On 2007-05-29, Ramon F Herrera wrote:
>
> >>> One of the things that have always puzzled me is that Linux comes with
> >>> everything plus the kitchen sink, and yet it doesn't include an IMAP
> >>> server. It used to come with one that sucked.
> >> You need to pick a better distro. All of the distros I know of
> >> have several IMAP servers from which to choose. Gentoo has
> >> Cyrus, Courier, and UW. Many distros have more choices (e..g
> >> dovecot).
>
> > > Personally, I think you're probably just trolling.
>
> > Nope, no trolling here...
>
> > I *have* to use one of the enterprise versions, per Oracle mandate,
> > and I hate the SuSe traitors (I wiped out their distro the day they
> > announced they are a M$ slave now), so my only choice is RHEL. That
> > is a given.
>
> > I should have said: "How come RH Linux doesn't come with IMAP?". Hope
> > you're happy now.
>
> > Peace,
>
> > -Ramon
>
> I've moved away from RH, but ES3 came with
> imap-2002d-9.i386.rpm which
> installed the UW POP and IMAP daemons.

This is what I have in RHEL4:

% grep imap cdrom-?
cdrom-4:./RedHat/RPMS/cyrus-imapd-2.2.12-3.RHEL4.1.i386.rpm
cdrom-4:./RedHat/RPMS/cyrus-imapd-devel-2.2.12-3.RHEL4.1.i38 6.rpm
cdrom-4:./RedHat/RPMS/cyrus-imapd-murder-2.2.12-3.RHEL4.1.i3 86.rpm
cdrom-4:./RedHat/RPMS/cyrus-imapd-nntp-2.2.12-3.RHEL4.1.i386 .rpm
cdrom-4:./RedHat/RPMS/cyrus-imapd-utils-2.2.12-3.RHEL4.1.i38 6.rpm
cdrom-5:./RedHat/RPMS/php-imap-4.3.9-3.15.i386.rpm

Anyway, I just downloaded dovecot (thanks Stachu & Tim S.!). I am
quite impressed.

http://www.dovecot.org

-Ramon

Re: Setting up IMAP on Linux?

am 30.05.2007 00:43:37 von Sam

This is a MIME GnuPG-signed message. If you see this text, it means that
your E-mail or Usenet software does not support MIME signed messages.
The Internet standard for MIME PGP messages, RFC 2015, was published in 1996.
To open this message correctly you will need to install E-mail or Usenet
software that supports modern Internet standards.

--=_mimegpg-commodore.email-scan.com-28603-1180478616-0002
Content-Type: text/plain; format=flowed; charset="US-ASCII"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Ramon F Herrera writes:

> On May 29, 2:56 pm, Douglas O'Neal wrote:
>> Ramon F Herrera wrote:
>>
>> > I should have said: "How come RH Linux doesn't come with IMAP?". Hope
>> > you're happy now.
>>
> This is what I have in RHEL4:
>
> % grep imap cdrom-?
> cdrom-4:./RedHat/RPMS/cyrus-imapd-2.2.12-3.RHEL4.1.i386.rpm

So, it does come with an IMAP server, after all. Next time, wait a bit more
before ranting.


--=_mimegpg-commodore.email-scan.com-28603-1180478616-0002
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQBGXKyYx9p3GYHlUOIRAuFsAJ9yM03anTXBOt2Carn0EtZ7uWKBZACf Wdft
EOWZP3zgjZsxM6eqKrBrp3c=
=Umet
-----END PGP SIGNATURE-----

--=_mimegpg-commodore.email-scan.com-28603-1180478616-0002--

Re: Setting up IMAP on Linux?

am 30.05.2007 00:47:26 von Sam

This is a MIME GnuPG-signed message. If you see this text, it means that
your E-mail or Usenet software does not support MIME signed messages.
The Internet standard for MIME PGP messages, RFC 2015, was published in 1996.
To open this message correctly you will need to install E-mail or Usenet
software that supports modern Internet standards.

--=_mimegpg-commodore.email-scan.com-28603-1180478842-0003
Content-Type: text/plain; format=flowed; charset="US-ASCII"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Ramon F Herrera writes:

> (2) Their source code is filled with insecure calls,

No, it's not.

> vulnerabilites to
> buffer overflow attacks, such as 'gets' and 'tmpnam.'

Here's a free clue for you, Einstein: not every call to gets() or tmpnam()
is automatically insecure. Did you actually look at the code, and see what
it does?

> How hard can it
> be to fix this?

How hard it would be for you to know what you're talking about?


--=_mimegpg-commodore.email-scan.com-28603-1180478842-0003
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQBGXK16x9p3GYHlUOIRArvlAJ98pfAPnmXhMQ95sSpJ5zXIuPUmGwCf S8hz
7W8VFxStVMwrslbxNfv+XyI=
=Wz7f
-----END PGP SIGNATURE-----

--=_mimegpg-commodore.email-scan.com-28603-1180478842-0003--

Re: Setting up IMAP on Linux?

am 30.05.2007 01:14:12 von Ramon F Herrera

On May 29, 5:47 pm, Sam wrote:
> Ramon F Herrera writes:
> > (2) Their source code is filled with insecure calls,
>
> No, it's not.
>
> > vulnerabilites to
> > buffer overflow attacks, such as 'gets' and 'tmpnam.'
>
> Here's a free clue for you, Einstein: not every call to gets() or tmpnam()
> is automatically insecure. Did you actually look at the code, and see what
> it does?
>
> > How hard can it
> > be to fix this?
>
> How hard it would be for you to know what you're talking about?
>
> application_pgp-signature_part
> 1KDownload


You obviously don't believe in defensive programming.

Given a choice, I will pick a software that doesn't produce such
warnings when compiled and that has a standard, flexible and universal
installation procedure in different platforms (*ix platforms, that
is).


Dovecot builds and installs beautifully under autoconfig and doesn't
give me worrisome error messages which are either:

(1) Indication of sloppy programming.
(2) Presuming that the user should look at the code and understand
why the use of dangerous deprecated functions is unavoidable (I highly
doubt it) and for some mysterious reason justifiable.

I always vote with my pocket and I just did it. Dovecot is my choice.

-Ramon

Re: Setting up IMAP on Linux?

am 30.05.2007 01:33:17 von Sam

This is a MIME GnuPG-signed message. If you see this text, it means that
your E-mail or Usenet software does not support MIME signed messages.
The Internet standard for MIME PGP messages, RFC 2015, was published in 1996.
To open this message correctly you will need to install E-mail or Usenet
software that supports modern Internet standards.

--=_mimegpg-commodore.email-scan.com-28603-1180481596-0004
Content-Type: text/plain; format=flowed; charset="US-ASCII"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Ramon F Herrera writes:

> On May 29, 5:47 pm, Sam wrote:
>> Ramon F Herrera writes:
>> > (2) Their source code is filled with insecure calls,
>>
>> No, it's not.
>>
>> > vulnerabilites to
>> > buffer overflow attacks, such as 'gets' and 'tmpnam.'
>>
>> Here's a free clue for you, Einstein: not every call to gets() or tmpnam()
>> is automatically insecure. Did you actually look at the code, and see what
>> it does?
>
> You obviously don't believe in defensive programming.

You obviously don't know programming.

> Dovecot builds and installs beautifully under autoconfig and doesn't

That's "autoconf", not "autoconfig". And "autoconf" is not something that
you'd install "under".



--=_mimegpg-commodore.email-scan.com-28603-1180481596-0004
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD4DBQBGXLg8x9p3GYHlUOIRAif/AJiLkCa1M9QxJ3pkLSyTBgPCUjB4AJ9p cnZO
7kmLkMnRWGe+LvnolIj96g==
=jbDn
-----END PGP SIGNATURE-----

--=_mimegpg-commodore.email-scan.com-28603-1180481596-0004--

Re: Setting up IMAP on Linux?

am 30.05.2007 01:59:09 von Mark Crispin

On Tue, 29 May 2007, Sam wrote:
> Here's a free clue for you, Einstein: not every call to gets() or tmpnam()
> is automatically insecure. Did you actually look at the code, and see what
> it does?

This has been an amusing thread.

He contacted me in email earlier today, offering to put me in touch with
programmers in Romania to "fix" these issues...

For what it's worth, the gets() issue is explained here:
http://www.washington.edu/imap/IMAP-FAQs/index.html#3.22
and the tmpnam() issue is explained here:
http://www.washington.edu/imap/IMAP-FAQs/index.html#3.23

What's particularly funny is that, in the very special way that it is
used, tmpnam() actually *is* the correct call and the suggestion to use
mkstemp() is wrong. What's more, that code is never called on a system
that has /dev/urandom which is just about everything released in the past
decade....

-- Mark --

http://staff.washington.edu/mrc
Science does not emerge from voting, party politics, or public debate.
Si vis pacem, para bellum.

Re: Setting up IMAP on Linux?

am 30.05.2007 02:15:22 von Mark Crispin

On Tue, 29 May 2007, Ramon F Herrera wrote:
> (1) How come the folks at UofWash have no clue about ./configure and
> autoconf?

The origins of the UW IMAP toolkit go back 20 years, and it builds on many
platforms in which autoconf does not stand a snowball's chance of running.
Typically, after spinning wheels for several CPU minutes, the configure
script aborts with "no space" or some other such message. On these
systems, "using autoconf" is equivalent to "does not build".

Many, if not all, of these platforms are either extinct or are nearing
extinction. In some future release (to be determined) I intend to declare
end-of-life on support of these platforms, and support will be limited to
modern platforms that are ameniable to autoconf.

This will undoubtably cause distress to people who still have some
dinosaurs (I am amazed at the things that some people still run!) but
they've gotten much longer support out of me than anyone else.

> This kind of software gives Linux a bad name and plenty of
> ammunition to Wintards.

This is an amusing statement. Windows generally does not use configure
scripts and compatibility between Windows releases within the Microsoft
monoculture is often as great a difficulty as in the Linux/BSD/UNIX world.

> The documentation says that I have to get OpenSSL. My box is a RHEL4,
> I use ssh all the time, so I don't need any extra software for the SSL
> encyption. Is this correct?

RFC 3501, section 11.

If you do not understand why this is required, you have far greater
security concerns than whether or not there's a tmpnam() call in code that
is never called on Linux.

-- Mark --

http://staff.washington.edu/mrc
Science does not emerge from voting, party politics, or public debate.
Si vis pacem, para bellum.

Re: Setting up IMAP on Linux?

am 30.05.2007 05:29:33 von Grant Edwards

On 2007-05-29, Ramon F Herrera wrote:
>
> Dovecot builds and installs beautifully under autoconfig and doesn't
> give me worrisome error messages which are either:
>
> (1) Indication of sloppy programming.
> (2) Presuming that the user should look at the code and understand
> why the use of dangerous deprecated functions is unavoidable (I highly
> doubt it) and for some mysterious reason justifiable.
>
> I always vote with my pocket and I just did it. Dovecot is my choice.

Cool! I assume that means you're donating money to the Dovecot
project:

http://www.dovecot.org/donate.html

--
Grant Edwards grante Yow! I was making donuts
at and now I'm on a bus!
visi.com

Re: Setting up IMAP on Linux?

am 30.05.2007 08:23:27 von Joel Reicher

Ramon F Herrera writes:

> (1) How come the folks at UofWash have no clue about ./configure and
> autoconf? This kind of software gives Linux a bad name and plenty of
> ammunition to Wintards.

http://www.washington.edu/imap/IMAP-FAQs/index.html#6.1

> (2) Their source code is filled with insecure calls, vulnerabilites to
> buffer overflow attacks, such as 'gets' and 'tmpnam.' How hard can it
> be to fix this?

http://www.washington.edu/imap/IMAP-FAQs/index.html#3.22

http://www.washington.edu/imap/IMAP-FAQs/index.html#3.23

> Anyway, my concern is this:
>
> + Building in full compliance with RFC 3501 security
> + requirements:
> ++ TLS/SSL encryption is supported
> ++ Unencrypted plaintext passwords are prohibited
>
> The documentation says that I have to get OpenSSL. My box is a RHEL4,
> I use ssh all the time, so I don't need any extra software for the SSL
> encyption. Is this correct?

http://www.washington.edu/imap/documentation/SSLBUILD.html

Cheers,

- Joel

Re: Setting up IMAP on Linux?

am 30.05.2007 16:00:46 von Peter Peters

On Tue, 29 May 2007 20:01:23 -0000, Grant Edwards
wrote:

>Dovecot always seems to be mentioned in a positive light when I
>hear about it, so I'm thinking about giving it a try. I'm
>currently using courier-imap, but I find its maildir directory
>naming scheme really annoying.

We have used Dovecot with maildir for a while for all our students. The
advantage in our case was that most students still used POP3 so every
time they connected and deleted one file the whole mailbox filed would
have to be copied. Dovecot and maildir speeded up things greatly.

--
Peter Peters, senior netwerkbeheerder
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente, Postbus 217, 7500 AE Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe

Re: Setting up IMAP on Linux?

am 30.05.2007 18:30:23 von Ramon F Herrera

On May 29, 10:29 pm, Grant Edwards wrote:
> On 2007-05-29, Ramon F Herrera wrote:
>
>
>
> > Dovecot builds and installs beautifully under autoconfig and doesn't
> > give me worrisome error messages which are either:
>
> > (1) Indication of sloppy programming.
> > (2) Presuming that the user should look at the code and understand
> > why the use of dangerous deprecated functions is unavoidable (I highly
> > doubt it) and for some mysterious reason justifiable.
>
> > I always vote with my pocket and I just did it. Dovecot is my choice.
>
> Cool! I assume that means you're donating money to the Dovecot
> project:
>
> http://www.dovecot.org/donate.html
>


Ever heard "Time is money"? You may replace "time" with "code" and a
number of other things.

-Ramon

Re: Setting up IMAP on Linux?

am 30.05.2007 18:42:34 von Grant Edwards

On 2007-05-30, Ramon F Herrera wrote:

>>> Dovecot builds and installs beautifully under autoconfig and doesn't
>>> give me worrisome error messages which are either:
>>
>>> (1) Indication of sloppy programming.
>>> (2) Presuming that the user should look at the code and understand
>>> why the use of dangerous deprecated functions is unavoidable (I highly
>>> doubt it) and for some mysterious reason justifiable.
>>
>>> I always vote with my pocket and I just did it. Dovecot is my
>>> choice.
>>
>> Cool! I assume that means you're donating money to the Dovecot
>> project:
>>
>> http://www.dovecot.org/donate.html
>
> Ever heard "Time is money"? You may replace "time" with "code"
> and a number of other things.

So you're giving code and a number of other things to the
Dovecot project to show your appreciation for their product?

--
Grant Edwards grante Yow! Your CHEEKS sit like
at twin NECTARINES above
visi.com a MOUTH that knows no
BOUNDS --

Re: Setting up IMAP on Linux?

am 30.05.2007 18:53:15 von Ramon F Herrera

On May 30, 11:42 am, Grant Edwards wrote:
> On 2007-05-30, Ramon F Herrera wrote:
>
>
>
> >>> Dovecot builds and installs beautifully under autoconfig and doesn't
> >>> give me worrisome error messages which are either:
>
> >>> (1) Indication of sloppy programming.
> >>> (2) Presuming that the user should look at the code and understand
> >>> why the use of dangerous deprecated functions is unavoidable (I highly
> >>> doubt it) and for some mysterious reason justifiable.
>
> >>> I always vote with my pocket and I just did it. Dovecot is my
> >>> choice.
>
> >> Cool! I assume that means you're donating money to the Dovecot
> >> project:
>
> >> http://www.dovecot.org/donate.html
>
> > Ever heard "Time is money"? You may replace "time" with "code"
> > and a number of other things.
>
> So you're giving code and a number of other things to the
> Dovecot project to show your appreciation for their product?
>

What are you, the IRS? :-)

Answering your question: I might. I have donated the autoconfigure
process to a number of OSS projects, the most important being
Asterisk. This was hard cash ($800) that I paid to a world-class GNU
programmer from Romania. But alas, the Dovecot people are way ahead of
me. On the other hand I have given cash to a SIP project hoping that
they would add some specific code that interested me and they never
did. The lesson learned is: "give them code (hiring programmers
through Rent-A-Coder is pretty cheap), not cash".

-Ramon

Re: Setting up IMAP on Linux?

am 31.05.2007 11:21:21 von Geoff Winkless

Ramon F Herrera wrote:
> Answering your question: I might. I have donated the autoconfigure
> process to a number of OSS projects, the most important being
> Asterisk. This was hard cash ($800) that I paid to a world-class GNU
> programmer from Romania. But alas, the Dovecot people are way ahead of
> me. On the other hand I have given cash to a SIP project hoping that
> they would add some specific code that interested me and they never
> did. The lesson learned is: "give them code (hiring programmers
> through Rent-A-Coder is pretty cheap), not cash".

I send cash if I find a tool which does exactly what I want. I send code
if I find a tool which does _almost_ exactly what I want :)

Geoff