Penetration Testing mailing list archives

Re: [PEN-TEST] IMAP servers safe?


From: Thomas Nau <thomas.nau () RZ UNI-ULM DE>
Date: Tue, 31 Oct 2000 16:34:13 +0100

Stefan.
We only work with about 5000 mail users of which most don't use SSL (too
bad). We found that forcing them to SSL causes lots of anger and trouble
so I cannot really give you numbers on the load.

Thomas

On Tue, 31 Oct 2000, Stefan Suurmeijer wrote:

|Hi Thomas,
|
|On Tue, 31 Oct 2000, Thomas Nau wrote:
|
|> Stefan.
|> We changed from qpopper to Cyrus IMAP/IMP/stunnel about 6 months ago and
|> are quite happy about the solution. A drawback is the POP support which
|> doesn't work as expected when people leave their mails on the server but
|> that's what IMAP is made for. The best points about Cyrus are its support
|> for quota and the authentication backend which doesn't require UNIX
|> accounts for users at all (a big security plus for me). Besides that I
|> cannot tell you too much about it besides the flaws of IMP as documented in
|> BugTraq a while ago.
|>
|
|So I figure you use stunnel to solve Cyrus' lack of SSL support? Could you
|give me an indication of how much system load this creates? Since we will
|be working with upwards of 30,000 users, who would fall somewhere
|in between "heavy mail user" and "do you eat e-mail or something?" ;-)
|The last IMP bug I found was in April. I suppose this has been fixed in
|the current release?
|
|> Hope this helps,
|>      Thomas
|>
|>
|
|A lot. Thanks,
|
|Stefan
|
|
|

====== PGP fingerprint B1 EE D2 39 2C 82 26 DA  A5 4D E0 50 35 75 9E ED ======

        Thought you got rid of all year 2k bugs and problems?
        Here's a new one: Windows 2000

