I wrote: > You need to plan around a security problem being found with your version > of ipop3d. Either you need to follow the appropriate security lists, and > be ready to patch your version of ipop3d quickly, or you need to use a > supported operating system which will do this for you. Roberto Figueroa wrote: > Thanks James for your advice. > > Another question: where can I find those security list...or more specific > mailing list related to ipop3d? Actually, I was trying to hint that this is what you *don’t* want to do! I believe that ipop3d in FC5 comes from the University of Washington at http://www.washington.edu/imap/ : run something like rpm -qif /usr/sbin/ipop3d and check the URL line. You will find a link to http://www.washington.edu/imap/lists/imap-uw.html on that page, which seems to be the best list. But there’s a couple of other things you need to bear in mind. If you’re going to use otherwise-unsupported software, you need to do this with every service you expose to the Internet. You should be aware of every service you offer to the Internet, anyway. You may well need to be examining your MTA software (probably sendmail, postfix, exim, or qmail), OpenSSH, and maybe stuff like Samba, bind and Cups. The few Linux viruses to date have spread this way (Lion used bind and Ramen used lpd – both exploited vulnerabilities in Red Hat Linux for which Red Hat had issued patches). Part of what a distribution should be offering you is that it will monitor these lists for you. You just have one place to go to look for updates. They should also have someone monitoring mailing lists like Bugtraq, which contains reports of security problems found by third parties. They also have access to vendor-sec, a closed distributor-only list co-ordinating upcoming security patches. Were you actually intending to offer POP3 access across the Internet? You may well have intended this: it’s a reasonable thing to do IF you’re offering e-mail service to people outside your network. James. -- E-mail: james@ | WARNING: Pressing CTRL+ALT+DEL again will restart your aprilcottage.co.uk | computer. Then again, what won't? You will lose unsaved | information, and even supposedly saved information, in | any case. -- David P. Murphy -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
