RE: [UUG/MLUG] A note on mail - problem (still)

Email address obfuscation in effect -- please click here to turn it off.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: "'EMAIL:PROTECTED'" <EMAIL:PROTECTED>
Subject: RE: [UUG/MLUG] A note on mail - problem (still)
From: "Donnelly, Mark J." <EMAIL:PROTECTED>
Date: Wed, 27 Jan 1999 14:13:43 -0600
Reply-To: EMAIL:PROTECTED
Sender: EMAIL:PROTECTED

> IMAP can be a security problem.  AFAIK using qpopper is less risky.

<RANT>

IMAP can be a much more useful protocol.  Forcing users to run POP is less
responsible as a sysadmin.

If you're really serious about security, then the only service you should
run on your machine is ssh - without kerberos, and maybe a very strict www
service.

IMAP isn't intrinsically less secure than POP; it's just that the most
widespread implementation of IMAP (the one that comes with pine) had some
issues.  They are now fixed.  The last mention of IMAP in the subject line
of the Bugtraq archives comes from September 25!

How's about the security issues of forcing your users to download their mail
messages to local drives, possibly in lab situations?  How's about the
network issues of forcing users to download their mail over a modem
connection when they very well might have had their mailboxes filled with
spam that they would just want to delete anyway?  

All in all, POP is a pretty poor protocol!  It's a real quick down'n'dirty
idea for getting all the mail for one user from one machine to another; IMAP
is a much more elegant protocol, useful for managing mail, news, and
preferences (IIRC).  POP was designed just past the mindset of UUCP - it
shines for people with very temporary connections (like five minutes or
less).  IMAP is a protocol designed for today (or maybe a couple of years
ago, but still...), where the paradigm had shifted to people's computers
being connected for significant periods of time to a global internet.  In
this paradigm, people are no longer necessarily using the same computer
every time they're on the network, but they need the same abilities.  It's a
much more robust concept.

About the only thing missing from IMAP is encryption (barring SSH
tunneling), which is also missing from POP.  All in all, using IMAP is
better, running both is best.

</RANT>

It's not really a security issue anymore; just be sure to get the latest
IMAP server from the University of Washington or from freesoftware.  I'm
currently using 4.05, so don't settle for anything previous.

--Mark

	Just fear me, love me, do as I say, and I will be your slave.
		--Jareth (The Goblin King), Labyrinth

Prev by Date: RE: [UUG/MLUG] A note on mail - problem (still)
Next by Date: [UUG/MLUG] can't get my sound to work
Previous by thread: RE: [UUG/MLUG] A note on mail - problem (still)
Next by thread: [UUG/MLUG] can't get my sound to work
Index(es):
- Date
- Thread