[NCLUG] New linux server
Michael Dwyer
mdwyer at sixthdimension.com
Fri Feb 1 09:40:32 MST 2002
Sean Reifschneider wrote:
>
> On Thu, Jan 31, 2002 at 05:38:55PM -0800, J. Paul Reed wrote:
> >Conveniently, you didn't address any of *those* concerns.
>
> Of course not... They include "technical reasoning" such as "I don't
> like the way qmail throws hundreds of little .qmail files around (I know
> about fastforward, it doesn't count)"...
Whoa, whoa, WHOA! Alright, Sean: Go to Colorado. Paul: Go to
California. You two apparently can't be trusted to be in the same
state. :D
For what it is worth, I don't like Q-Mail. I don't like the .files,
because they lack the self-documentation that a single file has. Sean
has repeatedly told me that these make it easier to do automated admin
this way, and I can see where that would be true, but I still prefer the
good ol' forward scripts. I've never had to deal with more that 50
users, and didn't need automated tools. Grep and Sed work just fine.
The QMail logs are somewhat difficult to read. The configs are
scattered EVERYWHERE. Oh, and DJB tends to annoy me. His ideas are
good, and very well-meaning. But he could certainly use a PR person to
talk for him...
But, all that said, it works. If I had my druthers, I would replace the
whole mess with Juniper SMTPd in front of Sendmail. But in the mean
time, it works and works well. A lot of the reasons I hate Qmail can be
summed up with one word: inexperience. I hate that I have to call up
Tummy to figure out how to halt my mail queue. If I became a QMail
expert, I'm sure I would be extolling its power and flexability here,
too. But since I don't know my way around it, I can just sit back here
and laugh at the fact that I find Sendmail /easier/ to use...
Oh, and if you *do* use SquirrelMail, you might want to check your
version:
*** {02.04.014} Cross - SquirrelMail PHP suite multiple vuln's
SquirrelMail PHP Web mail suite prior to version 1.2.3 has been found
to contain bugs in the handling of JavaScript embedded in HTML tags
within Web mail. It's possible for an attacker to construct an e-mail
that could execute arbitrary JavaScript when the user views the
e-mail. SquirrelMail also passes unfiltered user data to an exec()
command, thereby allowing an attacker to execute arbitrary command
line commands.
This vulnerability has been confirmed and corrected in SquirrelMail
version 1.2.3.
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-01/0310.html
http://archives.neohapsis.com/archives/bugtraq/2002-01/0296.html
More information about the NCLUG
mailing list