Squirrelmail + security concerns with cPanels using UW Imap Server!

[sexy_guy]

Cpanel is using UW Imap server. There are major security concerns with the possibily to show non-mail files within SquirrelMail and other mail clients. This includes sensitive files, such as /etc/passwd and others. It's a known problem with the UW imap server. The easiest and probably the best is to not use UW. It's terribly slow with large mailboxes. A much better alternate to UW would be Courier IMAP which is significantely faster and more secure. It would also help with the speed of pop3 on heavily loaded servers such as cPanel. Anyone care to comment on this? This is definately a major security concern espeically for those of us running Squirrelmail.

[howard]

yep courier-imap is defiantly a nice thing to have and i like its custom authentication modules however it uses the maildir mailbox format which would mean changing the current exim config to cope w/this and also the present mailboxes (so that people wouldn't have their customers start complaining they can't see archived mail etc)

With the varying issues people are having at the moment i am not sure if it would be a good thing to introduce at the moment (although i would fully support its introduction when things have settled down)

[sexy_guy]

Saw a few posts here where people were configuring their Squirrelmail to use Courier Imap which is incorrect. It should be set to University of Washingtons(UW) Imap server.

There is a very easy transition, upgrade available, to go from UW Imap to Courier but it would probably break most of the Imap functionality currently installed for cPanel. SIGH!