Date: Thu, 6 Sep 2007 23:39:42 -0700 From: "Ted Mittelstaedt" <tedm@toybox.placo.com> To: "Jim Stapleton" <stapleton.41@gmail.com> Cc: Nikola Lecic <nlecic@eunet.yu>, "Russell E. Meek" <rmeek@russellmeek.net>, freebsd-questions@freebsd.org Subject: RE: mail server setup questions Message-ID: <BMEDLGAENEKCJFGODFOCEEFJCAAA.tedm@toybox.placo.com> In-Reply-To: <80f4f2b20709051404l6091bafas48d63fd4076e8fef@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> -----Original Message----- > From: Jim Stapleton [mailto:stapleton.41@gmail.com] > Sent: Wednesday, September 05, 2007 2:04 PM > To: Ted Mittelstaedt > Cc: Nikola Lecic; Russell E. Meek; freebsd-questions@freebsd.org > Subject: Re: mail server setup questions > > > > I would submit you think you do. For example, are you planning on > > putting a webmail interface on the server? A lot of people do. Well > > if you do and you put a scrap of CGI on there that has a hole in it > > a spammer can come along and cause that to relay mail from incoming > > http right into your mail queue. He doesen't need root access to > > do this. > > I have never stated interest in putting web mail up in my to-do list, > and in fact, have explicitly stated at least once, I've no intention > of doing that. To be blunt, I don't trust it. I only use it for things > on which I don't care about the security (ex. reading mailing lists). > I care about the security of my server. > The usual procedure if you want to make webmail secure is to field the webmail server on a separate box. (that is what we do) Just about all webmail interfaces I've tried use IMAP or POP3 to communicate with the mailserver, in fact, very few can read the mailboxes directly. There are other reasons you might want to run a webinterface on the mailserver, however. Ted
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BMEDLGAENEKCJFGODFOCEEFJCAAA.tedm>